Top Tweets for #GrokPy
We’ve identified an interesting malware family 🔍, which we’ve named #GrokPy due to its use of a Grok LLM model 🤖 to solve and subsequently bypass CAPTCHAs 🔥
The malware gets dropped by #Amadey and:
🪝 collects information about the infected device, such as screen resolution, public IP & location, ram usage and CPU name
💻 attempts to escalate privileges by running as admin or as a scheduled task
⚙️ uses the CDP (Chrome developer protocol) of either Edge or Chrome installed on the victim machine for further malicious actions
📡 calls back to the botnet C2 on the various stages of the infection and the results of its malicious actions
👱 creates new accounts on Discord to obtain authentication tokens, which are then reported back to the botnet C2
📧 uses dilly + [a-zA-Z0-9]{8,11}@gmail.com + password [a-zA-Z0-9]{8} as the email and password for the Discord registration process
🔍 has OCR capabilities for screenshots obtained via CDP, which are used to extract text from captcha
🤖 uses a Grok LLM model that resides in the botnet C2 server to solve the captcha
Botnet C2 servers are all hosted at @Hetzner_Online 🇩🇪on port 8008 TCP:
46[.]62.225.51 [active]
46[.]62.224.205
46[.]62.205.38
GrokPy malware samples on MalwareBazaar:
📄https://t.co/xlqOWu0hLd
Botnet C2s on ThreatFox:
🦊https://t.co/O1LpU8kYBl
![abuse_ch's tweet photo. We’ve identified an interesting malware family 🔍, which we’ve named #GrokPy due to its use of a Grok LLM model 🤖 to solve and subsequently bypass CAPTCHAs 🔥
The malware gets dropped by #Amadey and:
🪝 collects information about the infected device, such as screen resolution, public IP & location, ram usage and CPU name
💻 attempts to escalate privileges by running as admin or as a scheduled task
⚙️ uses the CDP (Chrome developer protocol) of either Edge or Chrome installed on the victim machine for further malicious actions
📡 calls back to the botnet C2 on the various stages of the infection and the results of its malicious actions
👱 creates new accounts on Discord to obtain authentication tokens, which are then reported back to the botnet C2
📧 uses dilly + [a-zA-Z0-9]{8,11}@gmail.com + password [a-zA-Z0-9]{8} as the email and password for the Discord registration process
🔍 has OCR capabilities for screenshots obtained via CDP, which are used to extract text from captcha
🤖 uses a Grok LLM model that resides in the botnet C2 server to solve the captcha
Botnet C2 servers are all hosted at @Hetzner_Online 🇩🇪on port 8008 TCP:
46[.]62.225.51 [active]
46[.]62.224.205
46[.]62.205.38
GrokPy malware samples on MalwareBazaar:
📄https://t.co/xlqOWu0hLd
Botnet C2s on ThreatFox:
🦊https://t.co/O1LpU8kYBl](https://pbs.twimg.com/media/G6xb0yvXcAAdgRJ.jpg)
We’ve identified an interesting malware family 🔍, which we’ve named #GrokPy due to its use of a Grok LLM model 🤖 to solve and subsequently bypass CAPTCHAs 🔥
The malware gets dropped by #Amadey and:
🪝 collects information about the infected device, such as screen resolution, public IP & location, ram usage and CPU name
💻 attempts to escalate privileges by running as admin or as a scheduled task
⚙️ uses the CDP (Chrome developer protocol) of either Edge or Chrome installed on the victim machine for further malicious actions
📡 calls back to the botnet C2 on the various stages of the infection and the results of its malicious actions
👱 creates new accounts on Discord to obtain authentication tokens, which are then reported back to the botnet C2
📧 uses dilly + [a-zA-Z0-9]{8,11}@gmail.com + password [a-zA-Z0-9]{8} as the email and password for the Discord registration process
🔍 has OCR capabilities for screenshots obtained via CDP, which are used to extract text from captcha
🤖 uses a Grok LLM model that resides in the botnet C2 server to solve the captcha
Botnet C2 servers are all hosted at @Hetzner_Online 🇩🇪on port 8008 TCP:
46[.]62.225.51 [active]
46[.]62.224.205
46[.]62.205.38
GrokPy malware samples on MalwareBazaar:
📄https://t.co/xlqOWu0hLd
Botnet C2s on ThreatFox:
🦊https://t.co/O1LpU8kYBl
![abuse_ch's tweet photo. We’ve identified an interesting malware family 🔍, which we’ve named #GrokPy due to its use of a Grok LLM model 🤖 to solve and subsequently bypass CAPTCHAs 🔥
The malware gets dropped by #Amadey and:
🪝 collects information about the infected device, such as screen resolution, public IP & location, ram usage and CPU name
💻 attempts to escalate privileges by running as admin or as a scheduled task
⚙️ uses the CDP (Chrome developer protocol) of either Edge or Chrome installed on the victim machine for further malicious actions
📡 calls back to the botnet C2 on the various stages of the infection and the results of its malicious actions
👱 creates new accounts on Discord to obtain authentication tokens, which are then reported back to the botnet C2
📧 uses dilly + [a-zA-Z0-9]{8,11}@gmail.com + password [a-zA-Z0-9]{8} as the email and password for the Discord registration process
🔍 has OCR capabilities for screenshots obtained via CDP, which are used to extract text from captcha
🤖 uses a Grok LLM model that resides in the botnet C2 server to solve the captcha
Botnet C2 servers are all hosted at @Hetzner_Online 🇩🇪on port 8008 TCP:
46[.]62.225.51 [active]
46[.]62.224.205
46[.]62.205.38
GrokPy malware samples on MalwareBazaar:
📄https://t.co/xlqOWu0hLd
Botnet C2s on ThreatFox:
🦊https://t.co/O1LpU8kYBl](https://pbs.twimg.com/media/G6xb0yvXcAAdgRJ.jpg)
Last Seen Hashtags on Sotwe
FAMOU
Seen from United States
throat
Seen from United States
สาวสองโคราช
Seen from Thailand
monkeyapp
Seen from United States
egyptworldcup
cum
Seen from Turkey
malatyagay
Seen from Turkey
bahcesehirtraveſti
Seen from Turkey
momson or #exny or #nolimit(****) +filter:native_video
Seen from United States
眼镜娘
Seen from United States
Trends for you
Most Popular Users

Elon Musk 
@elonmusk
240.8M followers

Barack Obama 
@barackobama
119.2M followers

Donald J. Trump 
@realdonaldtrump
111.7M followers

Cristiano Ronaldo 
@cristiano
111M followers

Narendra Modi 
@narendramodi
107M followers

Rihanna 
@rihanna
97.8M followers

NASA 
@nasa
92.2M followers

Justin Bieber 
@justinbieber
91M followers

KATY PERRY 
@katyperry
87.9M followers

Taylor Swift 
@taylorswift13
81.7M followers

Lady Gaga 
@ladygaga
73.3M followers

Virat Kohli 
@imvkohli
70.2M followers

Kim Kardashian 
@kimkardashian
69.9M followers

YouTube 
@youtube
68.7M followers

Bill Gates 
@billgates
64M followers

Neymar Jr 
@neymarjr
63M followers

The Ellen Show
@theellenshow
62.4M followers

CNN 
@cnn
61.9M followers

Selena Gomez 
@selenagomez
61M followers

X 
@x
60.8M followers


![abuse_ch's tweet photo. We’ve identified an interesting malware family 🔍, which we’ve named #GrokPy due to its use of a Grok LLM model 🤖 to solve and subsequently bypass CAPTCHAs 🔥
The malware gets dropped by #Amadey and:
🪝 collects information about the infected device, such as screen resolution, public IP & location, ram usage and CPU name
💻 attempts to escalate privileges by running as admin or as a scheduled task
⚙️ uses the CDP (Chrome developer protocol) of either Edge or Chrome installed on the victim machine for further malicious actions
📡 calls back to the botnet C2 on the various stages of the infection and the results of its malicious actions
👱 creates new accounts on Discord to obtain authentication tokens, which are then reported back to the botnet C2
📧 uses dilly + [a-zA-Z0-9]{8,11}@gmail.com + password [a-zA-Z0-9]{8} as the email and password for the Discord registration process
🔍 has OCR capabilities for screenshots obtained via CDP, which are used to extract text from captcha
🤖 uses a Grok LLM model that resides in the botnet C2 server to solve the captcha
Botnet C2 servers are all hosted at @Hetzner_Online 🇩🇪on port 8008 TCP:
46[.]62.225.51 [active]
46[.]62.224.205
46[.]62.205.38
GrokPy malware samples on MalwareBazaar:
📄https://t.co/xlqOWu0hLd
Botnet C2s on ThreatFox:
🦊https://t.co/O1LpU8kYBl](https://pbs.twimg.com/media/G6xbt90WcAAI8Pc.jpg)
![abuse_ch's tweet photo. We’ve identified an interesting malware family 🔍, which we’ve named #GrokPy due to its use of a Grok LLM model 🤖 to solve and subsequently bypass CAPTCHAs 🔥
The malware gets dropped by #Amadey and:
🪝 collects information about the infected device, such as screen resolution, public IP & location, ram usage and CPU name
💻 attempts to escalate privileges by running as admin or as a scheduled task
⚙️ uses the CDP (Chrome developer protocol) of either Edge or Chrome installed on the victim machine for further malicious actions
📡 calls back to the botnet C2 on the various stages of the infection and the results of its malicious actions
👱 creates new accounts on Discord to obtain authentication tokens, which are then reported back to the botnet C2
📧 uses dilly + [a-zA-Z0-9]{8,11}@gmail.com + password [a-zA-Z0-9]{8} as the email and password for the Discord registration process
🔍 has OCR capabilities for screenshots obtained via CDP, which are used to extract text from captcha
🤖 uses a Grok LLM model that resides in the botnet C2 server to solve the captcha
Botnet C2 servers are all hosted at @Hetzner_Online 🇩🇪on port 8008 TCP:
46[.]62.225.51 [active]
46[.]62.224.205
46[.]62.205.38
GrokPy malware samples on MalwareBazaar:
📄https://t.co/xlqOWu0hLd
Botnet C2s on ThreatFox:
🦊https://t.co/O1LpU8kYBl](https://pbs.twimg.com/media/G6xbgMbXMAA6Q_U.jpg)
![abuse_ch's tweet photo. We’ve identified an interesting malware family 🔍, which we’ve named #GrokPy due to its use of a Grok LLM model 🤖 to solve and subsequently bypass CAPTCHAs 🔥
The malware gets dropped by #Amadey and:
🪝 collects information about the infected device, such as screen resolution, public IP & location, ram usage and CPU name
💻 attempts to escalate privileges by running as admin or as a scheduled task
⚙️ uses the CDP (Chrome developer protocol) of either Edge or Chrome installed on the victim machine for further malicious actions
📡 calls back to the botnet C2 on the various stages of the infection and the results of its malicious actions
👱 creates new accounts on Discord to obtain authentication tokens, which are then reported back to the botnet C2
📧 uses dilly + [a-zA-Z0-9]{8,11}@gmail.com + password [a-zA-Z0-9]{8} as the email and password for the Discord registration process
🔍 has OCR capabilities for screenshots obtained via CDP, which are used to extract text from captcha
🤖 uses a Grok LLM model that resides in the botnet C2 server to solve the captcha
Botnet C2 servers are all hosted at @Hetzner_Online 🇩🇪on port 8008 TCP:
46[.]62.225.51 [active]
46[.]62.224.205
46[.]62.205.38
GrokPy malware samples on MalwareBazaar:
📄https://t.co/xlqOWu0hLd
Botnet C2s on ThreatFox:
🦊https://t.co/O1LpU8kYBl](https://pbs.twimg.com/media/G6xbbUrXEAAfACn.jpg)