#malware for hacking
unichrome · 4 months
Text
Masterpost of informational posts
All posts are written for everyone, including those with no prior computer science education. If you know how to write an email and have used a computer at least sparingly, you are qualified for understanding these posts. :)
What is a DDoS
What are the types of malware
Vulnerabilities and Exploits (old and somewhat outdated)
Example of how malware can enter your computer
What are botnets and sinkholes
How do passwords work
Guide for getting a safer password
Here are various malware-related posts you may find interesting:
Stuxnet
The North Korean bank heist
5 vintage famous malware
Trickbot the Trickster malware (old and not up to date)
jRAT the spy and controller (old and not up to date)
Evil malware
New to Linux? Here's a quick guide for using the terminal:
Part 1: Introduction
Part 2: Commands
Part 3: Flags
Part 4: Shortcuts
If you have any questions, request for a topic I should write about, or if there is something in these posts that you don't understand, please send me a message/ask and I'll try my best to help you. :)
- unichrome
Bonus: RGB terminal
201 notes · View notes
roseamariesims · 3 months
Text
TS4 Malware via .TS4SCRIPT mods
(Copied from my Patreon)
Hi everyone, I figured I would make a post about this just in case anyone who follows me has not yet been made aware of the malware issues happening currently in the Sims 4 modding community. 
Several days ago malware was discovered within a few mods that would silently steal info from your computer such as passwords and private information. This malware was then found to be in many other mods, as early as August 2023. It appears to mostly affect script mods (.ts4SCRIPT files), but be wary of .package files as well. Please read more about this on this reddit post and consider downloading TwistedMexi's ModGuard malware protection mod: https://www.patreon.com/posts/98126153 to keep yourself safe. There is also this website with information about the malware, known affected mods, how to check if you have been infected by it, and what to do if you have: https://scarletsrealm.com/malware-mod-information/
This malware primarily affected user accounts which appear to have been hacked, or fake accounts made to mimic real users. The list of known mods that were affected is:
Cult Mod by _PimpMySims
Social Events – Unlimited Time by MySims4
Weather and Forecast Cheat Menu by MSQSims
Seasons Cheats Menu by MSQSims
Motherlode Menu by MSQSims
Mood Cheat Menu by MSQSims
Mouth Preset N16
If you have downloaded these mods, please follow the advice in the reddit thread/website linked above. Please stay safe and vigilant when installing mods if you are continuing to do so currently.
21 notes · View notes
estel-noreflecti0n · 5 months
Text
It's tuesday and I almost
managed to get a full night of sleep,
I played with dirty lines of code and
freaked out over nothing like
the fucking adult that I'm. 
The skeleton in me was 
aching for a dance floor where it could erode,
but it's tuesday and my bones
would be missing for a few more days, 
something other than regret occupied its place for now,
and smoky ash piled upon my love for bad decisions
colored its trained indifference.
Dogs mourned and howled as 
a missing less than sign shook my world red, 
things that never truly mattered failed to compile,
logic gates screamed like the promises of
someone that wished for nothing but harm.
A threat analyst somewhere would call it fatal,
but on a tuesday no one would care,
proper malware always walks in uninvited and
I can appreciate that as much as the next vampire.
At my fingertips, structures of thought are turned
into pure mayhem as key constraints overflow 
into abstract nightmares,
the green shell erupts in deliverance,
payload is such an ugly word for retribution
on a dying tuesday that, 
by all that is fair and right should never have existed, 
I name the file heartbreak.rb and call it complete,
feeling the urge to dance slowly escape from me,
dream, little file, 
dream of all that is vile,
dream of all you could have been 
18 notes · View notes
butlerm · 6 months
Text
Password hacked.
Watch the full video here: https://www.shutterstock.com/video/clip-1110370325-futuristic-cybersecurity-attack-concept-on-network-password?rid=1518998
15 notes · View notes
cypheroxide · 5 months
Text
The Hacker's Guidebook:
Aspiring hackers! I’ve created a guide covering core cybersecurity concepts new hackers should master before tools. I break down networking, OS internals, & hacking tactics. Recognize hacking as a lifelong journey—arm yourself with the basics!
Core Concepts for Budding Cybersecurity Enthusiasts
The Building Blocks of Ethical Hacking
So you want to become an ethical hacker and enter the exciting world of cybersecurity. That’s awesome! However, before you dive headfirst into firing up Kali Linux and hacking everything in sight, it’s vital to build up your foundational knowledge across several InfoSec domains. Mastering the fundamentals…
14 notes · View notes
mangor · 5 months
Text
… eldritch malware …
11 notes · View notes
iluvwerewolves · 2 months
Text
not sure if tumblr will let me post this but here's a project i was working on last week
it's a shellcode runner for my malware dev/rev eng/analysis project i teach at my college. it works by writing a section of bytes (the shellcode) to memory, setting a protected execute region, and then making a thread over it. in this harmless case, it makes a window pop up.
4 notes · View notes
cyberegypt · 27 days
Text
Cyberpunk Aesthetic + Ancient Egypt = Hacking and Attacking
4 notes · View notes
amalgamasreal · 1 year
Video
youtube
TL;DW - Linus Media Group was hacked yesterday morning at 3AM via a hijacked session token that was yoinked by malware introduced into their system inside of a phishing PDF that was sent to one of their editors by a bad actor pretending to be a legitimate vendor.
This is why you always verify where your e-mails are coming from, never open attachments without scanning them first, never trust e-mails you didn’t expect to get, and always be suspicious of activity that you didn’t expect. 
13 notes · View notes
theartofmany · 5 months
Text
youtube
From Mr. Robot, Season 2 Episode 5, "eps2.3_logic-b0mb.hc". From the YouTube channel Mr. Robot: "I Live For This S*** | Mr. Robot". Have you seen this TV show? Highly recommended. Hack the Planet!!!...
4 notes · View notes
hugrsstuff · 8 months
Text
I found this on the website 10 hours ago and I was afraid that I was hacked or smth. Tumblr, get your shit together
4 notes · View notes
unichrome · 9 months
Text
The biggest heist that almost was
Let me tell you about the most insane bank heist that is going to sound like I'm just leaking the script for the next American hacking movie. The goal? Steal one billion USD. And it all began with an email and a printer, which as we all know is where problems usually start. Another weapon in this heist was... Weekends and time zones.
As usual, no prior computer science education needed.
What happened?
On the morning of February 5th 2016, a printer had stopped working in the central bank of Bangladesh (Bangladesh Bank). But it wasn't just any printer, it was the printer responsible for printing all the records of the multimillion transfers going in and out of the bank. When the poor employees finally won the printer battle and had it resume normal operation, they saw a very concerning account transfer in the records that was coming out. The bank had a USD account in the USA, at the Federal Reserve Bank, with approximately 1 billion dollars in it, and the Federal Reserve Bank had received instructions to drain almost the entire amount. In the records that came out of the printer, the American bank had attempted to urgently message the Bangladesh bank regarding this transfer, but couldn't get through to them. This was because the hack had actually started the day before, Thursday the 4th, at around 20:00 Bangladesh time, when the bank was closed. However, the USA had just started their day, giving the American bank plenty of time to follow through with the instructions from the Bangladesh bank to drain their entire account while they were closed. And that wasn't the end of it, as weekends are from Friday to Saturday in Bangladesh, meaning that the Bangladesh bank headquarters in Dhaka wouldn't discover this withdrawal until Sunday morning. That's when they immediately tried to reach the American bank, which of course didn't work as over there it was Saturday evening, and the American weekend is from Saturday to Sunday, meaning that they wouldn't be reachable until Monday.
You see what I mean by the hackers using time zones and weekends, finding the perfect time for the American bank to execute their orders while Bangladesh discovers the withdrawal several days too late, and again several days too late for Americans to be reachable. But it didn't stop there with their timehacking.
The money had to go somewhere from the American bank, and it would be stupid to send it directly to the hackers' own account without laundering the money first. So they had set up four different bank accounts in the Philippines, using fake names and credentials. Why the Philippines? Because the Lunar New Year was on Monday the 8th, which is a holiday, and holiday means no bank activities in either Bangladesh or the Philippines, buying the hackers even more time. As a final act, they messed with the printer responsible for printing transaction records, adding another few hours to their schedule. The moon and stars really aligned perfectly for this plan.
But how did they do it?
It all began one year prior, in January 2015, with an email sent to several employees at the Bangladesh Bank. The email seemingly contained a job application from a person who didn't actually exist, but who was very polite in his request for a position at the bank, with a link to his CV and cover letter. Naturally this link led to a document with a little surprise gift - malware. Since the heist happened, at least one of the recipients must have clicked the link, successfully deploying a RAT - Remote Access Trojan, malware that lets you control a computer from the comfort of your own home - as well as a toolkit with various malware to move from computer to computer, avoiding discovery, and covering their tracks.
From there, the hackers slowly made their way through the bank office's network, one step at a time to avoid setting off alarms, looking for any computer that had control of the bank's SWIFT setup. SWIFT lets banks transfer large amounts of money between themselves and other banks connected to SWIFT. And as soon as they found one of those computers, they stopped. They didn't need to hack SWIFT in the traditional sense of the word - since they operated on a bank computer, the SWIFT software assumed they naturally had to be bank employees. However, one of the parts of the malware used in the heist was for manipulating the SWIFT system, as the hackers weren't physically there to press anything. Additionally, since they were lying dormant, waiting for the time to strike, they needed to keep an eye out for SWIFT updates that could detect any tampering with the system, and adapt accordingly.
Then they waited many months for the stars to align on February 4th, 2016.
There were 35 transfers made by the hackers from the American bank account, totaling almost 1 billion USD, but there were two tiny, seemingly insignificant details that prevented this from becoming the world's largest bank heist in history. The hackers' biggest enemy became this concept known as “words”.
The Philippine bank accounts were all located in the same RCBC Bank office on Jupiter Street in Manila. And this would be the hackers' downfall, as the USA had put sanctions on an Iranian cargo ship called Jupiter. Since the transactions went to a recipient that contained the word “Jupiter”, it created a security alert in the Federal Reserve Bank that the employees needed to investigate. When they saw what was going on, they managed to stop all but five of the initial 35 transactions, thus “only” roughly 100 million USD made it to the Philippines. The Bangladesh bank requested to reverse the transactions, but since the money was in the Philippines, they would need bureaucracy in the form of a court order to reclaim the money, and we all know that's not a 5 minute project. It was when Bangladesh filed the court order in late February that the case became public (since court orders are public documents) and the news broke to the country.
Once in the RCBC bank accounts, the money arrived on Friday the 5th and was immediately moved again. First the 100 million was converted to local currency, and some of it was withdrawn in cash, while the rest was sent off to other hacker-controlled locations. And this is where the second tiny little detail cut off even more of the hackers' precious payday. 20 million USD had been sent to Shalika Foundation, a charity organisation in Sri Lanka. But once again the hackers' worst enemy - words - decided to strike. A typo was made in their transaction, sending the money to “Shalika Fundation”, and a bank employee who must have had their morning coffee spotted this typo, rejected the transfer and kept the funds frozen. This left the hackers with 80 million USD.
✨Now comes the money laundering!✨
There was a second reason for choosing the Philippines as deposit zone: gambling is legal and the casinos had no money laundering regulations imposed. The accomplices of the heist booked private rooms in two casinos located in Manila - Solaire and Midas - and proceeded to purchase tokens to gamble with using the stolen money. Since they played in a room consisting of their fellow accomplices, winning was not really much of a challenge. Then the tokens could be exchanged back to money that would now be clean. To avoid suspicion, they didn't gamble all of the money at once, but over the course of several weeks gambled the dirty money into clean money.
Who was behind it?
It's normally difficult to pinpoint where the more sophisticated hacking groups come from. Oftentimes, they will leave false clues behind that point to another group, so that group will face more trouble instead of the group that did it. They may even place clues from several different groups, just to mess with the analysts. It's also quite common to simply “steal” a way of working from another group, or use a leaked/stolen tool from another group (criminals aren't safe from other criminals, especially not in this business) - there is new malware coming out all the time with code that is just a slight modification of a well-known malware actor's, after that actor had their source code leaked or simply hired the same programmer. Or they may leave no clues as to who was behind it. Attribution to the guilty party is usually the single most difficult mission in IT-security - often it's just pure guesswork with little to no solid evidence to back it up; if you're lucky there's circumstantial evidence.
This case was no different. The first clue came from the IP the bad guys used to connect to the Bangladesh bank from. It was located in Pyongyang, North Korea. But, as I mentioned, this is not a conclusive verdict, as the IP may simply be planted false evidence to throw the analysts off their track. After the heist, the hackers used a data-wiper to scrub as much of their malware off the bank systems as they could, but they didn't succeed in deleting all of it; some of the tools were still present, including the wiper.
Due to the scale of this operation, it caught the attention of every single IT-security person and IT-security company worldwide, who all of course wanted to know who did it and how. With the remaining malware, a joint effort was made, comparing malware code to other malware code for similarities. Some was found in Poland, after an analyst noted the similarities to another suspected North Korean hack. Some was found in another infamous North Korean hack targeting Sony Pictures. More and more signs pointed towards the same actor. Some were false leads: the hackers seemed to want to make it look like the Russians did it, but failed quite miserably at that, just sprinkling random Russian words into the malware and making it way too obvious it was a ruse.
You may not believe this, but the North Korean government has one of the most notorious hacking groups in the world, known as the Lazarus Group. Some of its more well-known adventures include an extremely data-destructive hack of Sony Pictures (as punishment for releasing “The Interview”), creation of the ransomware WannaCry which was used against many targets worldwide (including hospitals), and various attempts at gathering information from governments and government-affiliated corporations all over the world. And, of course, this heist.
Eventually, after months of collaboration all over the world, the final verdict fell on North Korea, and specifically one of their programmers. His name is Park Jin Hyok, and he worked for Chosun Expo - a front company for the North Korean government, located in Dalian (China), which used the funds the fake corporation gained from legitimate programming jobs for customers worldwide to create the malware and plan the heist with all of its expenses. Of course he wasn't the sole person involved in this project, but he's the only person we know was in it.
This particular heist had been meticulously planned for several years, and Park Jin Hyok had moved to Dalian, set up fake IDs and built a network of contacts there to avoid suspicion. However, he didn't manage to delete all of his online footprints, and became the number one suspect when his internet activities suddenly came from Pyongyang, North Korea.
Additionally, several Chinese businessmen - many associated with the casino industry in China's Macau territory - were also charged and arrested for assisting with setting up the gambling rooms and coordinating the money laundering process. One unknown Chinese businessman managed to get away with 31 million USD of the 80 million that remained after the heist, and as you would expect, he was never to be seen again.
With the middlemen from China paid off, not much remained of the original 1 billion to North Korea. But the heist has fascinated the whole IT-security world nonetheless.
I remember when the news of this case dropped to the IT-security world, who all wanted to take part in the hunt. It was a very fun time; we were all sitting at the edge of our seats waiting for the next update. I hope it was at least somewhat exciting for you too to read about, and thank you for reading this long post! If you liked it, please consider reblogging as it motivates me to write more. You may also like malware stuff I've written about before, such as Stuxnet or just plain evil malware that is a threat to our daily lives.
As always my inbox is open if you have any questions.
77 notes · View notes
ddaengsec · 1 year
Text
BTSARMY Security Awareness Edition
Securing Mobile Devices Part 1: Identifying Fake Apps (with Mister World Wide Handsome Kim Seokjin)
Contributors:
ddaengsec
emandro1d
ArmyCompsci
Devika⁷
btsarmysafety
ManelleBTS
11 notes · View notes
lifewithaview · 10 months
Text
Jerome Flynn and Alex Lawther in Black Mirror (2011-2019) Shut Up and Dance
When withdrawn Kenny stumbles headlong into an online trap, he is quickly forced into an uneasy alliance with shifty Hector, both at the mercy of persons unknown.
4 notes · View notes
tiredspacedragon · 8 months
Text
On the one hand, the Scarlet and Violet online scene being so thoroughly infested with bots and hackers is a somewhat serious, or at least pervasive, problem that should probably be addressed in some way.
But on the other, it is kind of hilarious, if only because it's so blatant.
Like yeah, that's 片句乍メ日呂. They almost just cost me a raid because they brought a shiny Hariyama to a battle against a Psychic Tera Braviary and spammed Arm Thrust. I matched with them on Surprise Trade earlier and they sent me a Shiny Hisuian Samurott at level 100, with perfect IVs, an optimal nature, its hidden ability, and 4 egg moves. Also it's fully EV trained and came in a Cherish Ball. Its name is DefinitelyWon'tGiveYouAComputerVirus.com.
1 note · View note
arxsec · 2 years
Link
Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links.
14 notes · View notes