Luke Leal

#strox runs an impressive #phishing op, #PHaaS, which removes barriers of entry into phishing. #strox will rent you everything but the domain. e.g bulletproof host, phishing page, & market to sell the phished logins, etc #cybersecurity #infosec #malware lukeleal.com/research/posts…

@riper81 @mirphak @unmaskparasites Yeah it is...I get crawlers searching for the same file names, too.

So ALFA Team is still a thing ? @mirphak @unmaskparasites @rootprivilege a lot of probes looking for: /alfa-rex2.php7 /alfa-rex.PhP7 /alfa-ioxi.php /alfa-shell-v4.php /alfa-v4.php /alfa-hidden.php /alfa-rebirthhaxor_shell.php /alfa-riot.php /alfa-v3-encoded.php /ALFA_DATA/

@JCyberSec_ @DCPCU_tweets fake louis bag just chilling on the table next to the joint crutch and emptied cigarette 😂 nice work!

📢Using intel which my team generated Officers from Londons Police @DCPCU_tweets executed four search warrants across England relating to #phishing SMS campaigns linked to Hi Mum/Dad #Familyscams 🔍🚓 👀Gotta love when a plan comes together🚨 linkedin.com/feed/update/ur…

@nullcookies "All the rumors, the human sacrifices, the Hell portal, the demons... it's all true" let us know where to go to enjoy the synths 🙂

@1ZRR4H What's the redacted domain name from $inter_domain that is being used to pull the SEO spam from? The sample I have looks like an older one and its domain isn't active anymore.

A threat actor is compromising websites to deploy this PHP tool, used for SEO Poisoning via Google 👀 It receives the content and keywords from C2, injects them into the sitemaps and submits them to the Google Sitemap Ping service.

@nullcookies @BanningLyon Great story! Sadly National Medical Enterprises failed upwards and is now known as Tenet Healthcare (THC) en.wikipedia.org/wiki/Tenet_Hea…

A deeply moving piece by @BanningLyon about the incredible healing that happens in the alpine. washingtonpost.com/lifestyle/2023…

@ViriBack I got a laugh out of this #malware vendor's reaction to a past tweet from you about finding a #Gomorrah #stealer C2 panel

@tdreed00 @ANeilan @HGSupport @nullcookies @dyngnosis @dave_daves @JCyberSec_ @sysgoblin @n0p1shing @Spam404 @KB_Intel @SteveD3 It's still online =\ but at least Google hit it with the red page so that helps

#Arkei #Stealer malware C2 panel using a login page that mimics the #WordPress login page but is actually connected to the C2 panel's database. Used to evade detection so the panel can stay active on compromised websites for longer. #malware #cybersecurity #C2

@ULTRAFRAUD @idclickthat @ActorExpose @bumbl3r @ANeilan @AlvieriD @illegalFawn who has the best ascii art? el zero or xbalti?

ElZero Xsniper Admin Panel ✅ #phishing #phishingkit @idclickthat @ActorExpose @bumbl3r @ANeilan @AlvieriD @illegalFawn

@j2k3k Isn't that how you get CS:GO from this Sierra published masterpiece?

@JCyberSec_ I don't think they should be criminally prosecuted unless there is gross negligence and/or the telecom intentionally allowed the abuse.

🚨Phone companies that fail to block scam texts should be prosecuted❓ 📣“Telecom companies have avoided responsibility when it comes to scam texts and calls. A corporate criminal offence should be introduced” 🌐telegraph.co.uk/money/consumer…

#strox phishing pages also have the capability to steal #2FA OTP from victims (along with their email account, personal documents, etc - fullz)

#strox runs an impressive #phishing op, #PHaaS, which removes barriers of entry into phishing. #strox will rent you everything but the domain. e.g bulletproof host, phishing page, & market to sell the phished logins, etc #cybersecurity #infosec #malware lukeleal.com/research/posts…

@CryptoprenuerUK @JCyberSec_ This actor has made the barrier of entry even lower...they provide everything but the domain. They even have a market to sell the phished logins. Also they never directly provide the kits and they use a subscription model ($3/day, 10 day min). I'll drop a post on it later today.

@JCyberSec_ @rootprivilege On the subject of OTP phish pages this always bothered me "standard kits" we see just rely on the victim to enter any old BS in order for the phish to move on "OH yeah I'll just enter anything as the code didn't come must be legit" 🤣 No wonder barrier to entry is so low

#phishing operator #strox added a feature so their phishers can go to sleep and not have to be sit around waiting 24/7 for the phished #2FA #OTP codes due to the short time limit on using them 😂😂 #infosec #cybersecurity #malware

@JCyberSec_ Yeah they can still get fullz and also access to the email account associated with banking login (assuming victim submits this data).

@rootprivilege Let me get this clear, if the actor turns it off the site just doesn't show the OTP page? So the actor ends up with a username:password but no 2FA so they can't actually do anything with the logins?

@JayTHL @TwitterSupport @Cryptolaemus1 Twitter appeals are ridiculously one sided and a serious problem on this platform. It's extremely frustrating. Hope you win this one.

@glotcode Hi - is there any way to report malicious activity on some of the pastes you host?

@nullcookies My understanding is that those videos aren't eligible for Adsense payouts so not sure where the money goes to... 🤔

There are people who value advertiser revenue from clicks on lunatic conspiratorial YouTube videos over the lives of our elders. Let’s call misinformation outlets what they truly are—fraudsters. Let’s call fraud what it truly is—evil.

@joshlemon Thanks! I have more posts on skimmers that go more in depth on how they operate on ecommerce websites (both #javascript and #php based skimmers) lukeleal.com/research/tags/…

Want to take a look at what a #Magecart skimmer looks like? @rootprivilege has done a lot of the hard work deobfuscating the JavaScript and providing some pointers on how it works. #malware #DFIR