Greenplan @greenplan_it - Twitter Profile

9 days ago

We discovered fake installers impersonating popular software including ChatGPT, Claude, AutoTune, and Kontakt on GitHub and SourceForge distributing a Deno backdoor known as DinDoor. Attackers are using compromised YouTube channels to distribute links to the malicious software.

Malwarebytes's tweet photo. We discovered fake installers impersonating popular software including ChatGPT, Claude, AutoTune, and Kontakt on GitHub and SourceForge distributing a Deno backdoor known as DinDoor.

Attackers are using compromised YouTube channels to distribute links to the malicious software. https://t.co/jv2PAVeJhI

1

47

22

7

5K

Greenplan @greenplan_it

15 days ago

@JaromirHorejsi CountLoader?

1

0

30

Greenplan @greenplan_it

17 days ago

@Acronis Interesting, thanks! The "ClawHub-DependencyInstaller" is NWHStealer https://t.co/feZkTsVG2B

0

51

Greenplan @greenplan_it

28 days ago

@thomasklemenc The $77config registry keys look similar to these ones: https://t.co/iWGTMgKAvM 🤔

0

2

0

397

greenplan_it retweeted

Malwarebytes @Malwarebytes

28 days ago

Threat actors are abusing a Javascript runtime called Bun to spread NWHStealer. Bun’s relatively newer ecosystem helps attackers hide malicious code in larger executables and potentially evade detection.

Malwarebytes's tweet photo. Threat actors are abusing a Javascript runtime called Bun to spread NWHStealer.

Bun’s relatively newer ecosystem helps attackers hide malicious code in larger executables and potentially evade detection. https://t.co/TzUlglG1Im

3

48

13

10

5K

Greenplan @greenplan_it

30 days ago

@smica83 @abuse_ch name:"IMG-*.png.lnk" and you obtain all of them :)

0

1

0

18

Greenplan @greenplan_it

about 1 month ago

@rst_cloud RenPy Loader? 🤔

0

10

greenplan_it retweeted

x64dbg @x64dbg

about 1 month ago

New version is out!

2

191

32

30

20K

greenplan_it retweeted

Malwarebytes @Malwarebytes

about 1 month ago

A fake TradingView AI agent site is delivering Needle Stealer malware via a fake trading agent called TradingClaw that can take over your browser, steal your accounts and financial data, and open the door to further attacks.

Malwarebytes's tweet photo. A fake TradingView AI agent site is delivering Needle Stealer malware via a fake trading agent called TradingClaw that can take over your browser, steal your accounts and financial data, and open the door to further attacks. https://t.co/ZQkVZlLbzM

5

34

7

6

5K

greenplan_it retweeted

fab0 @FABO97662188

about 1 month ago

#cybersecurity #malware #clickfix #macos #botconf Hi, I’ve decided to share a tool I wrote in my spare time. The app is designed to track the ongoing ClickFix campaign targeting macOS and Win users and collect compromised websites. https://t.co/4STTrVRl3G Hey @madzincyber :)

FABO97662188's tweet photo. #cybersecurity #malware #clickfix #macos #botconf
Hi, I’ve decided to share a tool I wrote in my spare time. The app is designed to track the ongoing ClickFix campaign targeting macOS and Win users and collect compromised websites.
https://t.co/4STTrVRl3G
Hey @madzincyber :) https://t.co/crjNRmNLn0

4

30

14

12

5K

Greenplan @greenplan_it

about 2 months ago

Check out my latest research! https://t.co/AgJSL4V5k5

0

1

0

67

Greenplan @greenplan_it

about 2 months ago

@BreakGlassIntel Weedhack https://t.co/KiR8GT86vv

0

1

0

1

281

Greenplan @greenplan_it

about 2 months ago

@RussianPanda9xx Yes..... a real nightmare

0

27

greenplan_it retweeted

bbsz

@blackbigswan

about 2 months ago

Malwarebytes covered that pretty well https://t.co/jWH6tJDlbZ And here's vibe coded Clickfix script: https://t.co/YARdlokXRl

0

6

3

1

714

Greenplan @greenplan_it

2 months ago

@RexorVc0 Such great news!! already added to my cart :D

1

0

310

Greenplan @greenplan_it

2 months ago

@malwrhunterteam @smica83 Related to Amatera Stealer

0

1

0

53

greenplan_it retweeted

Malwarebytes @Malwarebytes

3 months ago

We’ve identified a campaign using job interviews, project briefs, and financial documents hosted on Google Forms to distribute malware, including the PureHVNC RAT. https://t.co/bErOCficA0

2

32

10

9

4K

greenplan_it retweeted

Malwarebytes @Malwarebytes

3 months ago

Compromised websites are being used to deliver Vidar infostealer through fake CAPTCHA. https://t.co/K8ToVY3gMu

3

37

8

3K

greenplan_it retweeted

Jesko Hüttenhain @huettenhain

3 months ago

If you like both #BinaryRefinery and #Claude, try out this skill I wrote: https://t.co/hcpOVJf5kb

0

34

11

21

8K

Greenplan @greenplan_it

4 months ago

@smica83 @abuse_ch It support different commands and RAT capabilities, but I can't find a particular attribution take_screenshot download_file start_terminal remote_desktop self_uninstall shutdown_host windows_service ws_auth_token

greenplan_it's tweet photo. @smica83 @abuse_ch It support different commands and RAT capabilities, but I can't find a particular attribution

take_screenshot
download_file
start_terminal
remote_desktop
self_uninstall
shutdown_host
windows_service
ws_auth_token https://t.co/yCRh4psFtM

0

1

0

43

Greenplan @greenplan_it

4 months ago

@smica83 @abuse_ch It executes a Golang malware, it's interesting because it brute force part of the AES key😂 Decrypted URLs: https[:]//stat.web-analytics.workers.dev/ https[:]//download.stable-releases.workers.dev/ https[:]//gtm.tagmanager.workers.dev/ https[:]//js.webframework.workers.dev/

greenplan_it's tweet photo. @smica83 @abuse_ch It executes a Golang malware, it's interesting because it brute force part of the AES key😂

Decrypted URLs:
https[:]//stat.web-analytics.workers.dev/
https[:]//download.stable-releases.workers.dev/
https[:]//gtm.tagmanager.workers.dev/
https[:]//js.webframework.workers.dev/ https://t.co/gyDt7OR92z

2

1

0

63

Greenplan

@greenplan_it

Last Seen Users on Sotwe

Trends for you

Most Popular Users