vx-underground
Public Telegram feed monitored for malware and underground signals.
Hello,
If you're a person who enjoys malware and/or knows Python and wants to see malware that targets STEAM and GAMERS, I have the source code to a malware I have named "Stealer.Python.GMBA.Manipulator".
This malware was originally noted on Xitter from GMBA.
In summary, this Python malware kills the Steam process and relaunches it with the "-cef-enable-debugging" flag. Because Steam is a Chromium app, this allows the malware payload to manipulate Steam web pages with web socket gunk and JavaScript gunk.
This malware can "modify" user inventories, "block users", etc. It is all a facade designed to trick and social engineer Steam users into giving their expensive Counter-Strike stuff to them.
It appears to be written using AI. Regardless of that fact, this malware is creative and I like it.
The malware source code to this can be found under the "/Python/" directory. It is named "Stealer.Python.GMBA.Manipulator.7z".
This malware campaign is still active and the C2 is still live. If you execute the __main__.py file you might cook yourself, so be careful. Alternatively, you can run this in a VM and send the malware campaign authors pictures of Goatse.
https://github.com/vxunderground/MalwareSourceCode
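
A defender-side check for the behaviour described in the post, added here as an example and not taken from the post or from the malware source: it flags Steam starts that carry the `-cef-enable-debugging` flag and marks the ones that follow a Steam exit on the same host within a short window. The event field names, the 60-second window and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

FLAG = "-cef-enable-debugging"      # flag named in the post
WINDOW = timedelta(seconds=60)      # assumed kill-then-relaunch window

STEAM = r"C:\Program Files (x86)\Steam\steam.exe"
# Constructed process events (not real telemetry); the schema is hypothetical.
SAMPLE_EVENTS = [
    {"host": "pc1", "time": "2025-01-01T12:00:00", "type": "start",
     "image": STEAM, "cmdline": f'"{STEAM}"', "parent": r"C:\Windows\explorer.exe"},
    {"host": "pc1", "time": "2025-01-01T12:05:10", "type": "exit",
     "image": STEAM, "cmdline": "", "parent": ""},
    {"host": "pc1", "time": "2025-01-01T12:05:12", "type": "start",
     "image": STEAM, "cmdline": f'"{STEAM}" {FLAG}', "parent": r"C:\Python312\python.exe"},
    {"host": "pc2", "time": "2025-01-01T09:00:00", "type": "start",
     "image": STEAM, "cmdline": f'"{STEAM}" {FLAG}', "parent": r"C:\Windows\explorer.exe"},
]

def is_steam(image):
    """True when the executable's base name is the Steam client."""
    name = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name in ("steam.exe", "steam")

def find_debug_relaunches(events, window=WINDOW):
    """Return one alert per Steam start that carries the debugging flag.

    relaunch_after_kill is True when the same host logged a Steam exit
    no more than `window` before the flagged start.
    """
    last_exit = {}   # host -> timestamp of the most recent Steam exit
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if not is_steam(ev.get("image", "")):
            continue
        ts = datetime.fromisoformat(ev["time"])
        if ev["type"] == "exit":
            last_exit[ev["host"]] = ts
        elif ev["type"] == "start" and FLAG in ev.get("cmdline", "").lower().split():
            prev = last_exit.get(ev["host"])
            killed = prev is not None and timedelta(0) <= ts - prev <= window
            alerts.append({"host": ev["host"], "time": ev["time"],
                           "parent": ev.get("parent", ""),
                           "relaunch_after_kill": killed})
    return alerts

if __name__ == "__main__":
    for alert in find_debug_relaunches(SAMPLE_EVENTS):
        print(alert)
```

A flagged start with `relaunch_after_kill` set and a parent that is not the user's shell is the stronger signal; the flag on its own can also come from a user who enabled it deliberately.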