https://t.co/YC4ii76Xza by @CTI__Updates
Input a username and locate active forum accounts, very useful for your OSINT research or finding posts shared on X
🚨 CTI ALERT – New Active Threat in the Brazilian Cybercrime Underground
Rat Omsk51 KL DESKTOP v1.8 (also known as Omsky51 v1.8) has been identified — a premium commercial Remote Access Trojan (MaaS) priced at R$ 9,000 per month.
Key advanced capabilities include:
• Ultra-low latency HVNC (0.20 ms) + Black Screen feature
• Full bypass of Windows Defender and major AV solutions
• Fake “Warsaw Support” and Windows Maintenance screens
• Real-time Telegram notifications and full monitoring
• Integrated AI “Omsk Agent” for KL and user management
Zero public mentions in open sources to date. Circulates exclusively in private invite-only groups.
Key IOCs for immediate hunting:
• omsky51.exe
• omsky51 --init
• C:\OMSKY51\system32\cmd.exe
• “Omsky51 Corporation”
#CyberSecurity #ThreatIntelligence #RAT #MalwareAnalysis #InfoSec #OSINT #BlueTeam #CyberThreat #HVNC #BankingFraud
🇧🇷 A threat actor is advertising an alleged dataset linked to Banco do Brasil, one of Latin America’s largest financial institutions.
According to the listing, the exposed information allegedly includes:
• names
• email addresses
• phone numbers
• physical addresses
• city/state/country details
• banking-related records
Financial sector datasets remain some of the most valuable commodities in underground markets because they enable far more than simple spam campaigns.
These records can support:
• banking phishing operations
• identity fraud
• account takeover attempts
• SIM swapping
• social engineering against customers
• financial mule recruitment
• targeted credential stuffing campaigns
And in regions with massive digital banking adoption like Brazil, attackers know financial identity data has extremely high monetization potential.
One thing cybercriminals understand very well:
people trust banking-themed communications more than almost anything else.
So when attackers already possess:
• your name
• your bank affiliation
• your phone number
• your city
• your email
their phishing success rates increase dramatically.
Especially when combined with:
“urgent account verification”
or
“PIX transaction confirmation.”
And let’s be honest…
some phishing campaigns today have better customer support than actual banks.
Another important trend:
modern financial cybercrime is becoming increasingly data-driven.
Attackers no longer rely only on malware.
They rely on:
• enrichment datasets
• leaked customer intelligence
• behavioral targeting
• geo-specific fraud campaigns
• AI-generated social engineering
Meaning even “partial” banking datasets can become highly operational when correlated with other breaches.
Also worth noting:
financial institutions are now attacked not only directly, but through:
• third-party vendors
• fintech integrations
• CRM systems
• customer support portals
• cloud storage exposures
• marketing databases
• outsourced infrastructure providers
Sometimes the weakest point is not the bank itself…
it’s the ecosystem around it.
At this stage, the authenticity and scope remain unverified.
However, organizations in the financial sector should continuously monitor for:
• credential exposure
• banking-themed phishing campaigns
• underground chatter
• customer data resale activity
• account takeover indicators
• anomalous authentication attempts
• SIM swap activity
• API abuse targeting fintech integrations
Because once financial trust data enters underground ecosystems, it rarely stays in one place for long.
🇧🇷 #DDW #Intelligence #Brazil #CyberSecurity #DarkWeb #DataLeak #Banking #Infosec #ThreatIntelligence #FinancialCrime
🚨 THREAD | Threat Intelligence
We have identified KAIDO RAT v3.0, a sophisticated Remote Access Trojan variant with a strong focus on the Brazilian market, particularly the financial sector.
The threat uses a custom C2 framework, over 60 plugins, and an exclusive Brazilian banking suite.
Below, we detail its main observed capabilities.
Post 2/6
Web Panel and C2 Framework
• Headless server based on .NET 9
• “Lain” web panel featuring dashboard, client list, remote shell, and file manager
• HVNC with GPU capture support
• Remote Desktop + webcam streaming
• Integrated builder + KaidoKrypter (FUD)
• Loot browser isolated by operator and role
• Delivery methods: LNK Stomping, ClickFix, and HTML Smuggling
High operator usability with emphasis on persistence and controlled data exfiltration.
Post 3/6
Evasion Modules (10 modules)
The variant includes advanced bypass techniques:
• ETW Patch (5 functions) and patchless AMSI Bypass via VEH2
• Direct Syscalls (Hell’s Gate + Indirect)
• Sleep Obfuscation using XOR + PAGE_NOACCESS
• Stack Spoofing, Thread Pool Execution, and Callback Execution (6 methods)
• PPID Spoofing, API Hashing, and Anti-VM with 19 checks
Strong capability to evade modern EDR solutions and virtualized environments.
Post 4/6
Exclusive Brazilian Banking Suite (8 plugins)
This is the most relevant module of the threat:
• Real-time Bank Detector covering 28 Brazilian banks
• Fullscreen overlay with 19 banking themes
• PIX Clipper (supports CPF, CNPJ, email, EVP, and copy-paste)
• EMV QR Poisoner (rewrites QR Code and recalculates CRC16)
• PIX Ghost via UI Automation (no clipboard usage)
• Screen Locker (locks keyboard, mouse, and Task Manager)
• Selective keylogger that only activates inside banking windows
• Notification Silencer
Direct risk to the PIX ecosystem and Open Banking.
Post 5/6
Stealers, Reconnaissance and Post-Exploitation
Stealers (18 features): Cookies from 23 browsers, passwords, tokens (Discord, Telegram, Steam, Spotify), sessions (WAL lock bypass), NTLM hashes, in-memory LSASS dumping, crypto wallets (13 extensions + MetaMask), SSH/RDP/Cloud access, ICP-Brasil A1 certificates with private keys, and Open Banking access for 12 banks.
Reconnaissance (7 modules): Network Mapper, VPN Detector, Document Radar, Form Phantom CDP, DB Dumper (SQL Server + SQLite), Certificate Store Enumeration, and Crypto Memory Drainer.
Post-Exploitation (9 modules): EDR Killer v2.0 (no PowerShell/cmd), UAC Bypass (3 methods), LPE exploits including miniPlasma and CVE-2026-40369, Kerberoasting + AS-REP Roasting, COM Hijack persistence, and Process Hollowing.
Post 6/6
AI Targeting + Infrastructure + Recommendation
AI Targeting (5 modules): Credential harvesting targeting Anthropic, OpenAI, Gemini, xAI, and Groq. Implants via Claude CLI C2 (Discord/Telegram), MCP Hijack on Claude Desktop, Git Hook Implant, and Jupyter IPython Startup Hook.
Infrastructure: .NET 9 headless server, .NET 4.8 client, single DLL plugins (~7MB), AES-256-CBC crypter with native stub and ML evasion, 6-pass obfuscator, TLS-based C2 with MessagePack and jitter, Discord token + Pastebin fallback, and nginx + socat redirector.
Recommendation: Financial institutions, fintechs, and organizations handling PIX or ICP-Brasil should strengthen behavioral detection, review EDR policies, and monitor social engineering techniques such as ClickFix and HTML Smuggling.
We will continue monitoring the evolution of this threat.
#KAIDORAT #RAT #Malware #Cybersecurity #PIX #OpenBanking #ThreatIntelligence #InfoSec #Brazil
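The EMV QR Poisoner described in Post 4/6 (rewrite the PIX key, recompute the CRC16) is worth making concrete, because it shows why the checksum at the end of a BR Code is not an integrity control. The following is an added example, not KAIDO RAT code and not code from the thread's author: it builds a PIX BR Code (EMV merchant-presented TLV with CRC-16/CCITT-FALSE in tag 63), replicates the key swap plus CRC recalculation on constructed data, and shows the check a checkout page or POS integration should run instead: compare the key decoded from the payload against the key the merchant system intended to emit. The merchant name, PIX key and amount are constructed values.

```python
def crc16_ccitt_false(data: bytes) -> int:
    """CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF), the checksum EMV MPM / PIX
    BR Code carries in tag 63. Check value for b"123456789" is 0x29B1."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def tlv(tag: str, value: str) -> str:
    """EMV MPM field: 2-char ID, 2-digit length, value."""
    assert len(tag) == 2 and len(value) < 100
    return f"{tag}{len(value):02d}{value}"


def parse_tlv(s: str) -> list:
    """Parse a TLV string into an ordered list of (tag, value)."""
    out, i = [], 0
    while i < len(s):
        tag, length = s[i:i + 2], int(s[i + 2:i + 4])
        value = s[i + 4:i + 4 + length]
        if len(value) != length:
            raise ValueError(f"truncated TLV at offset {i}")
        out.append((tag, value))
        i += 4 + length
    return out


def build_brcode(fields: list) -> str:
    """Serialise fields and append tag 63 (CRC over everything up to and including '6304')."""
    body = "".join(tlv(t, v) for t, v in fields) + "6304"
    return body + f"{crc16_ccitt_false(body.encode()):04X}"


def crc_ok(payload: str) -> bool:
    return (payload[-8:-4] == "6304"
            and payload[-4:].upper() == f"{crc16_ccitt_false(payload[:-4].encode()):04X}")


def pix_key(payload: str):
    """PIX key lives in tag 26 (Merchant Account Information), subtag 01,
    when subtag 00 (GUI) is br.gov.bcb.pix."""
    for tag, value in parse_tlv(payload):
        if tag == "26":
            sub = dict(parse_tlv(value))
            if sub.get("00") == "br.gov.bcb.pix":
                return sub.get("01")
    return None


def check_brcode(payload: str, expected_key: str) -> dict:
    """The check that matters: CRC validity AND key equality with a trusted source."""
    key = pix_key(payload)
    return {"crc_ok": crc_ok(payload), "pix_key": key, "key_matches": key == expected_key}


def poison(payload: str, attacker_key: str) -> str:
    """Replica of the described poisoning step (swap key, recompute CRC), used
    here only to exercise the detector; the CRC still verifies afterwards."""
    fields = []
    for tag, value in parse_tlv(payload):
        if tag == "63":
            continue
        if tag == "26":
            value = "".join(tlv(st, attacker_key if st == "01" else sv)
                            for st, sv in parse_tlv(value))
        fields.append((tag, value))
    return build_brcode(fields)


MERCHANT_KEY = "pagamentos@exemplo.com.br"  # constructed merchant key
ORIGINAL = build_brcode([
    ("00", "01"),                                                    # payload format
    ("26", tlv("00", "br.gov.bcb.pix") + tlv("01", MERCHANT_KEY)),   # PIX account info
    ("52", "0000"), ("53", "986"), ("54", "10.00"), ("58", "BR"),    # MCC, BRL, amount
    ("59", "LOJA EXEMPLO"), ("60", "SAO PAULO"),                     # constructed merchant
    ("62", tlv("05", "***")),                                        # txid
])

if __name__ == "__main__":
    print(ORIGINAL)
    print(check_brcode(poison(ORIGINAL, "mule@exemplo.net"), MERCHANT_KEY))
```

Because the CRC is recomputed by the attacker, `crc_ok` is true for both the genuine and the poisoned payload; only the key comparison (or the amount comparison, done the same way against tag 54) exposes the swap. The source of truth must be something the malware does not get to rewrite: the key and amount the merchant backend generated, not the QR that ended up on screen.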
For my Brazilian Threat Hunting/DFIR friends:
Been reversing a malware called “#CNABHunter” (NUikita), and this thing is way more interesting than a regular banking trojan.
At first I had to figure out what “CNAB240/400” even was — apparently it’s a financial file standard heavily used by Brazilian ERP/banking integrations.
The malware hunts for those files in environments running TOTVS, SAP, RM, Senior, Sankhya, etc., extracts transaction data, and waits for remote commands to modify payments.
Most interesting part: it doesn’t do dumb string replacement.
The malware appears to rebuild the entire financial record using the correct field positions to keep the file structurally valid for banking processing.
Maybe my interpretation of this behavior is wrong, but that’s what I’ve understood so far from reversing it.
C2: 104.245.245[.]50:5000
🚨 BREAKING: Someone just dropped the most advanced Steganography Platform EVER!! 😱🥚
https://t.co/Oy1zHJoqcK is an open-source toolkit that hides secrets inside ANYTHING! images, audio, text, PDFs, network packets, ZIP archives, and even emojis 😘
AND it has an AI agent built in 👀
🔍 REVEAL: drop any file and the AI agent tests every known decoding method automatically. 120 LSB combinations, DCT, PVD, chroma, palette, PNG chunks, trailing data, metadata, Unicode, and more. 50 tools running in parallel.
auto-extracts hidden payloads as downloadable artifacts. no config needed.
🔮 CONCEAL: type your secret, pick a method (or let the AI choose), upload a carrier image OR generate one with AI.
one click → encoded steg file. the agent recommends the optimal method based on your use case.
the methods:
⊰ LSB — 15 channel presets × 8 bit depths = 120 combinations. steghide has 1. st3gg has 120.
⊰ F5 — operates on JPEG DCT coefficients. SURVIVES social media compression. regular LSB is destroyed by ANY JPEG compression, even quality 99%.
⊰ PVD — encodes in pixel pair differences. statistically harder to detect than LSB.
⊰ CHROMA — hides data in color channels (Cb/Cr). human eyes are less sensitive to color than brightness.
⊰ SPECTER (unique) — data hops between RGB channels in a pattern that IS the key. like frequency hopping in radio.
⊰ MATRYOSHKA (unique) — images inside images inside images. 11 layers deep. each layer is a valid image.
⊰ GHOST MODE (unique) — AES-256-GCM (600k PBKDF2 iterations) + bit scrambling + 50% noise decoys.
13 text steganography methods (no other tool has any):
▸ ZERO-WIDTH — invisible characters between visible letters
▸ INVISIBLE INK — Unicode Tag Characters (U+E0000). renders invisible everywhere
▸ HOMOGLYPHS — 'a' → 'а' (Cyrillic). visually identical. different bytes
▸ VARIATION SELECTORS — invisible modifiers after characters
▸ COMBINING MARKS — invisible joiners after letters
▸ CONFUSABLE WHITESPACE — en-space = 01, em-space = 10, thin-space = 11. 2 bits per space. text looks normal. the spaces are "wrong"
▸ DIRECTIONAL OVERRIDES — invisible RLO/LRO bidi characters
▸ HANGUL FILLER — Korean invisible character replaces spaces
▸ MATH BOLD — 'a' becomes '𝐚'. looks like bold text. each bold letter = 1 bit
▸ BRAILLE — each byte maps to a Braille pattern character
▸ EMOJI SUBSTITUTION — 🔵 = 0, 🔴 = 1
▸ EMOJI SKIN TONE — 👍🏻👍🏼👍🏾👍🏿 four skin tone modifiers = 2 bits each. a row of thumbs-up with different skin tones looks like a diversity post. it's binary data. four emoji = one byte.
detection:
50 tools including RS Analysis (academic gold standard), Sample Pairs, chi-square, bit-plane entropy, PCAP protocol analysis, and the AI agent orchestrates all of them automatically.
for AI agents:
from steg_core import encode, decode
from analysis_tools import detect_unicode_steg, TOOL_REGISTRY
50 tools as importable functions. test prompt injection via images. detect covert agent channels. watermark outputs.
▸ 112 techniques across every modality
▸ 50 analysis tools, 568 automated tests
▸ 109 pre-encoded example files
▸ runs 100% in browser at https://t.co/s3GgExiI6e — zero server
▸ pip install stegg — live on PyPI right now
the README has 7 hidden secrets. the banner has 3 layers. the website has multiple easter eggs.
good luck!
⊰•-•✧•-•-⦑ ⦒-•-•✧•-•⊱
🔗 https://t.co/tr4nyru6UD
📦 pip install stegg
🐙 https://t.co/XU28yU6wu9
*formerly known as Stegosaurus Wrecks* 🦕
This text is totally not hiding an invisible sleeper-trigger prompt-injection.
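Several of the text methods listed above (zero-width characters, tag characters, variation selectors, bidi overrides, Hangul filler, confusable whitespace, math-bold letters, homoglyphs) are exactly what a defender needs to catch when scanning user-supplied text or LLM inputs for hidden instructions. The scanner below is an added example written for this page, not code from st3gg or its author; the zero-width bit mapping (ZWSP = 0, ZWNJ = 1), the cover sentences and the code point ranges are assumptions chosen for the illustration.

```python
import unicodedata
from collections import Counter

# Code point classes that correspond to the text-stego methods on the page.
ZERO_WIDTH = {0x200B, 0x200C, 0x200D, 0x2060, 0x2061, 0x2062, 0x2063, 0x2064, 0xFEFF}
BIDI = {0x200E, 0x200F} | set(range(0x202A, 0x202F)) | set(range(0x2066, 0x206A))
HANGUL_FILLER = {0x115F, 0x1160, 0x3164, 0xFFA0}
CONFUSABLE_SPACE = set(range(0x2000, 0x200B)) | {0x202F, 0x205F, 0x3000}
INVISIBLE = {"zero_width", "tag_char", "variation_selector", "bidi_override", "hangul_filler"}


def classify(cp: int):
    """Return the stego-relevant class of a code point, or None if ordinary."""
    if cp in ZERO_WIDTH:
        return "zero_width"
    if 0xE0000 <= cp <= 0xE007F:                       # Unicode tag characters
        return "tag_char"
    if 0xFE00 <= cp <= 0xFE0F or 0xE0100 <= cp <= 0xE01EF:
        return "variation_selector"
    if cp in BIDI:
        return "bidi_override"
    if cp in HANGUL_FILLER:
        return "hangul_filler"
    if cp in CONFUSABLE_SPACE:
        return "confusable_space"
    if 0x1D400 <= cp <= 0x1D7FF:                       # mathematical alphanumerics
        return "math_alnum"
    return None


# Assumed zero-width encoding: one bit per invisible character, ZWSP=0, ZWNJ=1.
ZW0, ZW1 = "\u200b", "\u200c"


def zw_encode(cover: str, secret: str) -> str:
    bits = "".join(f"{b:08b}" for b in secret.encode("utf-8"))
    hidden = "".join(ZW0 if bit == "0" else ZW1 for bit in bits)
    return cover[:1] + hidden + cover[1:]


def zw_decode(text: str) -> str:
    bits = "".join("0" if c == ZW0 else "1" for c in text if c in (ZW0, ZW1))
    usable = len(bits) - len(bits) % 8
    data = bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))
    return data.decode("utf-8", errors="replace")


def scan(text: str) -> dict:
    """Count suspicious code points, flag mixed-script words (homoglyphs),
    and attempt to recover a zero-width payload."""
    counts = Counter(cat for cat in (classify(ord(c)) for c in text) if cat)
    mixed = []
    for word in text.split():
        scripts = {unicodedata.name(c, "?").split()[0] for c in word if c.isalpha()}
        if len(scripts) > 1:
            mixed.append(word)
    return {"counts": dict(counts), "mixed_script_words": mixed,
            "zero_width_payload": zw_decode(text)}


def sanitize(text: str) -> str:
    """Drop invisible carriers, normalise odd spaces, fold math-bold via NFKC."""
    out = []
    for c in text:
        cat = classify(ord(c))
        if cat in INVISIBLE:
            continue
        out.append(" " if cat == "confusable_space" else c)
    return unicodedata.normalize("NFKC", "".join(out))


if __name__ == "__main__":
    stego = zw_encode("Please review the attached invoice", "hello")  # constructed
    print(scan(stego))
    print(repr(sanitize(stego)))
```

Two caveats a practitioner should keep in mind: `sanitize` also strips variation selectors that legitimate emoji rely on, so apply it to the copy you feed to a model or a parser, not to what you show the user; and NFKC does not fold Cyrillic or Greek look-alikes into Latin, which is why homoglyphs are reported as mixed-script words rather than silently rewritten.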
My dear front-end developers (and anyone who’s interested in the future of interfaces):
I have crawled through depths of hell to bring you, for the foreseeable years, one of the more important foundational pieces of UI engineering (if not in implementation then certainly at least in concept):
Fast, accurate and comprehensive userland text measurement algorithm in pure TypeScript, usable for laying out entire web pages without CSS, bypassing DOM measurements and reflow
🚨Alert: New cryptocurrency stealer likely written in Zig
🔬Report: https://t.co/YIxCVo29pI
We found a multi-stage infection chain delivering what appears to be a new cryptocurrency clipper, likely written in Zig. The infection begins with Vidar, which drops a heavily obfuscated AutoIt script that injects and executes the Zig-based stealer. This stealer resolves its C2 address through a BSC smart contract, a technique known as EtherHiding. Its primary purpose appears to be replacing cryptocurrency addresses in the clipboard with an attacker-controlled wallet.
🔎 In a nutshell:
-Vidar → SFX → AutoIt Loader → Zig Crypto Stealer
-The AutoIt script is heavily obfuscated, the next-stage payload is RC4-decrypted then LZNT1-decompressed at runtime before injection
-Script contains junk code and performs multiple anti-sandbox and anti-AV checks, timing-based evasion, and a DNS request to a non-existing domain
-C2 address is resolved via a BSC smart contract (EtherHiding)
-Constantly polls clipboard for multiple cryptocurrency address formats: BTC, ETH, etc.
-When a match is found: exfiltrates the victim's original address to the C2 and replaces it with attacker wallet
-Likely written in Zig as some strings are uniquely associated with that language
-Querying the attacker's smart contract transactions, one can identify many more C2 addresses
-In recent days the sample seems to drop a different payload, no longer the Zig crypto stealer
🧬 IoCs:
-Zig sample SHA256: a82d031d99b15f8eb5a1d8cc24e55fec6d393d549edde8da9507f3cf17503ce1
-C2: quartermaster-sec[.]cc
-Smart contract address: 0x7CC3cFC1Ac007B8c6566fD2C7419b15a75473468 via API endpoint hxxps[:]//data-seed-prebsc-1-s1[.]binance[.]org:8545
-Vidar sample SHA256: 62338c7764f4e82105ea52fab868e1f04dc2f54bb44c5a47ddac685eacd6ed3c
-C2: 65.21.165[.]15
-Steam profile: hxxps[:]//steamcommunity[.]com/profiles/76561198736378968
🧩 More C2s from other smart contracts by the same creator:
-artisan-advertising[.]cc
-brain-game[.]cc
-celebration-internet[.]cc
-cmicrosoft1[.]click
-devops-offensive[.]cc
-ed-security-buff[.]cc
-en.hugo-lapp[.]co
-evil-toy[.]cc
-fast-node[.]com
-firewall-sentinel[.]cc
-flame-guard[.]cc
-kr.hugo-lapp[.]co
-lavande-rocket[.]cc
-quartermaster-sec[.]cc
⭐ Credits:
Likely related sample documented by @0xfluxsec via https://t.co/6bvWNMxuag (but their AutoIt script does not seem to drop the Zig crypto clipper highlighted here)