Jaisal (AtomicByte/Jess)

3K posts


@atomicbyte_

internet sensation 🚶‍♂️he/him programming, tech, hacking, datamining, game hacking, etc. chronically frickin hilarious shitpoaster

under a rock · Joined August 2023
276 Following · 305 Followers
vx-underground @vxunderground
Someone showed me this on Telegram. It is very silly. It is clearly masquerading as "Free GPT and Claude". Anyone with half a brain knows this is malicious, but people will still fall for it. People asked what it is. I have some free time. I poked it with a stick.

People discussing it said it is XMRig. That is not entirely accurate. This is not XMRig. This is flagged as XMRig by Triage and VirusTotal because it does indeed drop XMRig, but it is much more than that. This is a (maybe new) information stealer packaged with XMRig as a double whammy.

This malware is interesting because of a few things:
1. It is position independent; they care enough to be evasive and strip out a majority of dependencies. This is usually indicative of more serious malware.
2. The .zip it delivers from the "Free GPT and Claude" is intentionally bloated (payload inflation). It is 97MB, which may evade a majority of anti-malware products (initially) due to its large size. It packages itself with FFmpeg and various other audio codecs.
3. It accesses Microsoft Outlook e-mails, accesses Chrome stuff using the COM IElevationService, and looks for any SFTP credentials.

It (currently) does not have any matching YARA rules from AV vendors. The closest approximation is LummaStealer. My knowledge base on the Information Stealer scene is out-of-date (it changes a lot). However, on first initial glance this appears like a new information stealer. Again, this should be taken with a grain of salt.

It's also worth noting the domain it exfiltrates to does not appear in any malware reports. The domain is unique, and the payload does not match any existing YARA rules (its behavioral characteristics do, but not a specific malware family), so this is actually a pretty interesting sample. A lookup though shows this is an emerging malware campaign. It first appeared around the end of May. This is (probably) a known Threat Actor who has switched it up a bit (or it's MaaS, whatever though).
The malware appears online masquerading as various products.
- ecore-sourceproject
- LogiDA
- GPT_Claude_Free
- CortexSystems.v3.4.2.Stable
- TikTokBot-v2.2
- CortexLauncher

Funny enough, this malware would have been much, much, much, MUCH more evasive if they didn't package it with XMRig. VirusTotal and Triage immediately flagged it because after it establishes persistence, and steals any credentials on the machine, it pulls XMRig to turn into a cryptocurrency miner. If they did not pull the XMRig binary this stealer would be much more quiet. I have no idea why they decided to burn their OPSEC with XMRig.

C2: dfwioeiofwr-dot-info

Payload (and associated families from the C2)
gxjo @gxjo_dev
@atomicbyte_ You can check out the repository
gxjo @gxjo_dev
someone built Minecraft from scratch with Claude Fable 5
Venice @AskVenice
You can run Claude Fable 5 without Anthropic ever knowing it's you. No email required to sign up. Here's how to use Fable 5 anonymously through Venice:
Sarah @araseb_
Why has Vercel become the default hosting platform for vibe coders? There are plenty of alternatives. What made Vercel win?
N0r🅱️ertas ☮🇺🇦
@Shitpost_2048 can someone tell me what this is referencing? the only thing i can think of is that one Quake 3 Arena story where a guy forgot to pause his server for 4 years and when he returned all the bots were completely still, but I'm not sure if that's it
Cliff Pickover @pickover
Mathematics. The Woman, the Finger, and Pi: A Math Puzzle That Will Make You Question Everything "Could the decimal expansion of π become all 1s and 0s after some finite location in the decimal digits of π?"
Jens Petersen @SockPup93876932
@pickover It's doable. Have a program calculate Pi and have a regex-check for a sequence of 1 and 0 in no particular order.
Jaisal (AtomicByte/Jess) @atomicbyte_
YOU'RE VULNERABLE. YES, YOU. EVEN IF YOU DON'T RUN OLLAMA. You'll get it by the end of this.

throwback to the time when i ratioed ollama for a bug that they still haven't patched to this day. "we take security seriously"

I've had it up to here with companies that think they have good security but never respond to real bugs. just because it's novel doesn't mean it's invalid. I get that "CSRF" isn't usually used in a DNS-rebinding type scenario where it's browser -> localhost request forgery. Yes, rebinding is patched but THIS 👏 IS 👏 NOT. Because *it's not a browser bug* in the first place, it's YOUR bad cybersecurity. YOUR CORS policy leaking all over the bathroom floor.

and i released a PoC, but some of them just don't get it. they don't read the code. honestly it's your problem atp. because if i can make a user go onto a website and run the javascript "fetch('127.0.0.1')", it's not the server that makes the request. it's the client. and that client sends the information back to the server. it's remote-controlling an ollama server even if it's firewalled and cut off from the internet. sure, there's password protection, but that was barely around when i published this and it's still not a default.

everything is vulnerable. I've been finding bugs in openclaw, hermes, and every other AI project you could imagine. they're all so broken. you can be hacked. within about 5 minutes of looking through a codebase.

honestly i doubt this tweet will reach many people. i average about 40 per post (lol), but you could help out with a repost.
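As an added example (not Ollama's code and not the post's PoC), the server-side guard for the browser-to-localhost request forgery described in the post above: Host pinning against DNS rebinding, the browser-set Sec-Fetch-Site header, and an explicit Origin allowlist in place of a wildcard CORS policy. The loopback port 8080, the allowlisted origins and the hypothetical handler names are assumptions.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed (constructed) deployment: API on loopback port 8080, used by local CLI/SDK
# clients and by a web UI served from that same origin only.
ALLOWED_HOSTS = {"127.0.0.1:8080", "localhost:8080"}
ALLOWED_ORIGINS = {"http://127.0.0.1:8080", "http://localhost:8080"}


def check_request(headers):
    """Return (allowed, reason) for a request's headers (dict, any key case)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    # 1. Pin Host: under DNS rebinding the attacker's name resolves to
    #    127.0.0.1, but the Host header still carries that name.
    if h.get("host") not in ALLOWED_HOSTS:
        return False, "host"
    # 2. Sec-Fetch-Site is set by the browser and cannot be changed by page
    #    JavaScript, so it catches cross-site requests that carry no Origin
    #    (a no-cors GET). A missing header means a non-browser client.
    if h.get("sec-fetch-site") == "cross-site":
        return False, "sec-fetch-site"
    # 3. Explicit Origin allowlist in place of a wildcard CORS policy; browsers
    #    attach Origin to every cross-origin fetch() and to every POST.
    origin = h.get("origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, "origin"
    return True, "ok"


class GuardedHandler(BaseHTTPRequestHandler):
    # The check runs before any work is done: the victim's browser sends the forged
    # request regardless of CORS, so withholding the CORS header alone would only
    # hide the response from the attacker, not stop the side effect.
    def _guard(self, status):
        ok, why = check_request(dict(self.headers))
        self.send_response(status if ok else 403)
        if ok and self.headers.get("Origin"):  # reflect only a vetted origin
            self.send_header("Access-Control-Allow-Origin", self.headers["Origin"])
            self.send_header("Vary", "Origin")
        return ok

    def do_OPTIONS(self):  # CORS preflight for the allowlisted web UI
        if self._guard(204):
            self.send_header("Access-Control-Allow-Methods", "POST, OPTIONS")
        self.end_headers()

    def do_POST(self):  # the state-changing endpoint worth protecting
        ok = self._guard(200)
        self.end_headers()
        if ok:
            body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
            self.wfile.write(b"accepted %d bytes\n" % len(body))
```

Serve it with HTTPServer(("127.0.0.1", 8080), GuardedHandler).serve_forever(); a page on any other site that fires fetch() at it gets a 403 before the request body is ever read.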
Kyle Gawley @kylegawley
I cancelled my $10/mo Calendly subscription and vibe coded my own with Fable for $12,000
Devansh @thenowhereway
You can launch on Product Hunt. Or launch on X with zero followers. Which one actually gets you your first 10 users?
Nandini @N_and_ni
Unpopular opinion: If AI can solve the LeetCode question instantly, maybe the real skill isn’t solving it anymore.
Keith @gnukeith
If only I could use Composer 2.5 in Zed
Irakli 🚀 @TheSpacerr
Name a career that AI can’t replace
Ricardo Carvalho @crvvdev
How did Claude go from: "Ok I will reverse engineer this 20 year old proprietary encrypted protocol for you" to "Sorry I cannot process your request because it violates the..." We enriched your model's capabilities for free and now you gatekeep the most important features...
Kr$na @krishdotdev
Programming languages ranked by difficulty:
10 ➝ Python
9 ➝ JavaScript
8 ➝ Go
7 ➝ Java
6 ➝ C#
5 ➝ Kotlin
4 ➝ C
3 ➝ Rust
2 ➝ C++
1 ➝ Assembly
Dan ⚡️ @d4m1n
has anyone one-shot a SaaS with AI, completely unsupervised? full blown SaaS I'm talking payments, database, the works
Sudhanshu @yadavji_codes
How do you know I'm a vibe coder The dumboooo -