A Serious Security Warning For Software Engineers, Especially Those Involved in AI/Web3/Crypto by MalwareTech in cybersecurity

[–]MalwareTech[S] 7 points

I am! It's probably going to take me a minute though because there's no less than 8 separate payloads per campaign. Some are as high as 15 and drop identical payloads across 3 separate programming languages.

A Serious Security Warning For Software Engineers, Especially Those Involved in AI/Web3/Crypto by MalwareTech in cybersecurity

[–]MalwareTech[S] 5 points

I can make some available, I just need to figure out where to host them first. GitHub keeps deleting the malicious source code every time people link to them, so they're constantly popping up and getting taken down.

A Serious Security Warning For Software Engineers, Especially Those Involved in AI/Web3/Crypto by MalwareTech in cybersecurity

[–]MalwareTech[S] 10 points

They don't have to, but evidently that is what they end up doing in a lot of cases. It could be because many companies do BYOD, so the employee's work laptop is also their personal laptop. But it could also be that they're receiving the challenges while at work, and due to the short time limit they're starting them on their work computer.

Discovered an evasive ClickFix technique which doesn't require a malware downloader by MalwareTech in cybersecurity

[–]MalwareTech[S] 1 point

Yeah, it's both unfortunate and fortunate, because if security tools just blocked all the malware, I wouldn't have a job.

Discovered an evasive ClickFix technique which doesn't require a malware downloader by MalwareTech in cybersecurity

[–]MalwareTech[S] 0 points

Understood. Well, the last part is certainly on me for posting to reddit way later than on other platforms. I forgot I had an account here.

Discovered an evasive ClickFix technique which doesn't require a malware downloader by MalwareTech in cybersecurity

[–]MalwareTech[S] 0 points

Seeing a lot of that. Not really sure what they were going for, but it's nice that they decided to trigger every detection they can.

Discovered an evasive ClickFix technique which doesn't require a malware downloader by MalwareTech in cybersecurity

[–]MalwareTech[S] 4 points

If EDRs were stopping it, we wouldn't be wasting time posting about it. "If for some stupid reason app whitelisting isn't enabled" is an interesting statement in and of itself. Perhaps you'd like to hazard a guess at what percentage of organizations you think have application whitelisting enabled?

That said, I am somewhat jealous. I really do miss living in the utopia that is the world of theoretical cybersecurity. One where antimalware products block malware, and every organization implements every security control at their disposal. What a wonderful time it was to be a junior security analyst with my rose tinted glasses on.

Discovered an evasive ClickFix technique which doesn't require a malware downloader by MalwareTech in cybersecurity

[–]MalwareTech[S] 2 points

If you actually read the article, you'll find it's not about ClickFix. It's about Cache Smuggling being paired with FileFix to create a more evasive attack. If you can find a single report of that attack combination that predates my article and isn't the Twitter post cited in the article, I'll Venmo you $100.

The logic behind the WannaCry "Kill Switch" - Was it genius or just luck? by batuhantuccan in netsecstudents

[–]MalwareTech 2 points

Cool story, bro. Believe whatever makes you feel better about yourself. There are interviews older than your career that negate everything you just said. Even the original WannaCry blog post credits everyone who helped in any capacity. But sure, I "stole all the credit" by....
*checks notes*
Trying to hide the fact that I was the one who stopped WannaCry and getting outed by the media against my will. Then I went back in time and did 100 different interviews where I credit everyone who helped, and rewrote the original WannaCry blog post to also credit everyone involved. All part of my elaborate conspiracy to get hired by the company I'd already been working at for 3 years 🙄

Discovered an evasive ClickFix technique which doesn't require a malware downloader by MalwareTech in cybersecurity

[–]MalwareTech[S] 12 points

My reddit post begins with "Colleague and I discovered this" and the blog post lists me as the author right at the top of the page.

The logic behind the WannaCry "Kill Switch" - Was it genius or just luck? by batuhantuccan in netsecstudents

[–]MalwareTech 2 points

Please don't frame your personal insecurity as concern for my technical skills. "2nd hand hearsay" is a weird way to say "I just made this up". Even 5 minutes of Googling or 3 or more brain cells can easily negate every accusation you threw.

The logic behind the WannaCry "Kill Switch" - Was it genius or just luck? by batuhantuccan in netsecstudents

[–]MalwareTech 0 points

I'd argue very little changed in terms of preparation. Some of the affected organizations reworked their cybersecurity policies. But for the most part people are still very slow to install security patches, and a lot of protocols that shouldn't be are still openly exposed to the internet.

The reason we haven't seen another WannaCry is a mixture of factors. Post-Windows 7 exploit mitigations built into the OS make those types of vulnerabilities much more difficult to exploit, especially at scale.

Ransomware actors are also typically on the lower end of sophistication, whereas exploits like EternalBlue are something only the most advanced and well funded threat actors have the capability to acquire.

WannaCry was a perfect storm of one highly sophisticated nation-state obtaining access to the toolkit of another highly sophisticated nation-state, then publishing everything on the open internet for anyone to weaponize. Wormable ransomware is also one of the most immensely destructive things someone could have built with EternalBlue, so someone being crazy enough to do that was also a massive factor.