NEW USERS READ - how to avoid malware on the forum
by Sukob - Monday August 12, 2024 at 06:54 PM
#1
I am making this thread because in the last few days I have spotted and reported different trojans on different accounts that drop various types of malware, masquerading as legitimate users. This is a (very) quick guide for new users on how to spot likely malware on the forum and avoid being miggered.

0. 

This is a cybercrime forum, not everybody is nice. The saying "there is no honor among thieves" is not entirely true but this forum is teeming with scammers and bad actors. Do not trust any random more than you should.

1. Unnecessary use of emojis

If the title of the thread includes random emojis for no reason, unnecessary usage of check-marks (this is against forum rules by the way) and other user-added flair, it is likely that they are serving malware.

2. Account age and reputation


Before downloading anything you should always check account age and reputation. If a 1yr old account with upgrades and high rep is posting software/malware that they should be posting (i.e. well known cracker posting cracking tools) then it is not likely they are scamming. 1 week old bluefag with 2 threads both of which are named "Discord nitro generator [check mark] 2024 [check mark] working! [meteor] nitrogen premium [meteor]" then do not waste your time. Use common sense.

3. Too good to be true

If the offer is too good to be true, it probably is not true. This applies for everything but especially for malware. They know their thread will get migged by staff in less than 3 hours so they try and get as many installs as possible. If software that offers you something worth money is being sold for no money then that makes no sense, except for the rare scenario where the person posting the free version/crack is doing it out of the kindness of their soul (there are very few people like this). Keep an eye out for any popular software which is wanted by the public: free cracks (games), cheats, checkers, nitro generators for Discord. These are all popular vectors of infection that I have seen.

4. Password protected zip

There is no good reason (usually) to password protect a zip file for some software they are selling/giving away for free. If it is a password protected archive (zip, 7z, rar) then it is likely only password protected to change the file signature and make static detection harder for browsers and antivirus.

Everything checks out, how do I make sure I didn't download malware?

Never give yourself a sense of false confidence. Even if everything above checks out, it is still possible you are dealing with a non-retarded scammer (1% spawn probability). If this is the case, take the following measures:

1. Use tools like VirusTotal

VirusTotal has gotten a lot better and is no longer a total piece of shit; it is great for static and behavioral analysis. Most malware that is spread like this is cheaply put together and will not pass a VT scan. False positives are possible but if your scan is detecting around 10+ with high confidence and a few malware family names are dropped, then it is likely malware.
IF SOMEONE IS SELLING YOU MALWARE, DO NOT UPLOAD THE AGENTS TO VIRUS TOTAL
This will allow researchers to create detection rules and signatures for their product.

2. NEVER EXECUTE ANYTHING FROM THIS WEBSITE ON YOUR NORMAL COMPUTER

This can never be stressed enough. DO NOT use your regular computer to run this software. Take the time to create a separate VM with NO PERSONAL INFORMATION OR SENSITIVE DATA on it. This way if you do get infected you will be fine. You should always have a virtual machine ready to run miscellaneous crimeware. In simple terms, do not shit where you eat.

Thanks for reading my thread, I hope this helps if you are new to this community, enjoy the forum!
Reply
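Point 4 of the opening post (password-protected archives hide their contents from static scanners), as an added example that is not part of the original thread: a ZIP marks each encrypted entry with bit 0 of its general-purpose flag, while entry names stay readable, so a download can be triaged without the password. The function names and the extension list are assumptions; the sample archive is constructed, with the flag set by hand because Python's `zipfile` cannot write encrypted archives.

```python
import io
import zipfile

# Assumed list of name suffixes worth flagging; tune for your environment.
RISKY_EXT = (".exe", ".scr", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".lnk", ".msi")


def triage_zip(data: bytes) -> dict:
    """Report encrypted entries and executable-type names without extracting anything."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()  # parsed from the central directory only
    encrypted = [i.filename for i in infos if i.flag_bits & 0x1]
    risky = [i.filename for i in infos if i.filename.lower().endswith(RISKY_EXT)]
    return {
        "entries": len(infos),
        "encrypted": encrypted,             # contents a static scanner cannot read
        "risky_names": risky,               # names remain visible even when encrypted
        "content_hidden": bool(encrypted),  # treat as "not scanned", never as "clean"
    }


def build_sample(encrypted: bool) -> bytes:
    """Constructed two-entry archive; payloads are harmless placeholder strings."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", b"constructed sample")
        zf.writestr("setup.exe", b"constructed placeholder, not a real binary")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Simulate a password-protected archive: set flag bit 0 in every
        # central directory header (signature PK\x01\x02, flags at offset 8).
        pos = raw.find(b"PK\x01\x02")
        while pos != -1:
            raw[pos + 8] |= 0x01
            pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    for label, flag in (("plain", False), ("password-protected", True)):
        print(label, triage_zip(build_sample(flag)))
```

An archive that reports `content_hidden` alongside a non-empty `risky_names` list is the combination the post describes: an executable that gateway and browser scanners never actually inspected.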
#2
Thank you for the information, will keep in mind
Reply
#3
High quality thread, thank you for making the community a better place.
Reply
#4
(08-12-2024, 07:15 PM)bs0d Wrote: High quality thread, thank you for making the community a better place.

Completely agree! Thanks for this, a lot of time has passed since the last high quality thread like this that I have seen. Thank you for thinking for our community!
Reply
#5
I've been seeing the same.
Stay Vigilant
Reply
#6
Hey this is really useful thanks
Reply
#7
Thank you for your useful info.
Reply
#8
Thank you for taking your time and providing an informative guide.
Reply
#9
thank you for info
Everything Forbidden is Desired
Reply
#10
much appreciated thx for the warning
Reply

