tuckner
@johntuckner.me
Working on finding bad software extensions. More at: https://secureannex.com
November 7, 2025 at 4:25 PM
Right I should've included the execution part as well as the packaged decrypt tool with instructions.
November 7, 2025 at 1:57 AM
Right I should've included the execution part as well as the packaged decrypt tool with instructions.
Idk folks this AI generated C2 code I found this week might have you shocked
November 7, 2025 at 1:43 AM
Idk folks this AI generated C2 code I found this week might have you shocked
Reposted by tuckner
-Couple loses fortune to scammers
-Valid accounts still rule the day for initial access
-Open VSX rotate leaked creds
-ZeroAccess botnet dev is now a software dev
-BadCandy flourishes in Australia
-New Katreus miner
-Malware reports on Aura Stealer, SectopRAT, SleepyDuck RAT, OysterLoader
-Valid accounts still rule the day for initial access
-Open VSX rotate leaked creds
-ZeroAccess botnet dev is now a software dev
-BadCandy flourishes in Australia
-New Katreus miner
-Malware reports on Aura Stealer, SectopRAT, SleepyDuck RAT, OysterLoader
November 3, 2025 at 9:32 AM
-Couple loses fortune to scammers
-Valid accounts still rule the day for initial access
-Open VSX rotate leaked creds
-ZeroAccess botnet dev is now a software dev
-BadCandy flourishes in Australia
-New Katreus miner
-Malware reports on Aura Stealer, SectopRAT, SleepyDuck RAT, OysterLoader
-Valid accounts still rule the day for initial access
-Open VSX rotate leaked creds
-ZeroAccess botnet dev is now a software dev
-BadCandy flourishes in Australia
-New Katreus miner
-Malware reports on Aura Stealer, SectopRAT, SleepyDuck RAT, OysterLoader
Full details here - secureannex.com/blog/sleepyd...
SleepyDuck malware invades Cursor through Open VSX
The advanced SleepyDuck IDE extension RAT uses Ethereum contracts for persistence.
secureannex.com
November 3, 2025 at 4:34 PM
Full details here - secureannex.com/blog/sleepyd...
You can watch these updates by monitoring the contract. For instance this was an update of the C2 server from localhost to it's currently active domain.
November 3, 2025 at 4:34 PM
You can watch these updates by monitoring the contract. For instance this was an update of the C2 server from localhost to it's currently active domain.
If the original C2 server is taken down, the extension will check a smart contract hosted on the Ethereum blockchain for new server details. It also allows for 'emergency' command execution through the extension.
November 3, 2025 at 4:34 PM
If the original C2 server is taken down, the extension will check a smart contract hosted on the Ethereum blockchain for new server details. It also allows for 'emergency' command execution through the extension.
Responses from the command and control server will be executed in the sandbox on the endpoint allowing full machine access.
November 3, 2025 at 4:34 PM
Responses from the command and control server will be executed in the sandbox on the endpoint allowing full machine access.
The extension initializes by getting machine details, contacting sleepyduck, and creating a sandbox environment for code execution
November 3, 2025 at 4:34 PM
The extension initializes by getting machine details, contacting sleepyduck, and creating a sandbox environment for code execution
Full details here - secureannex.com/blog/sleepyd...
SleepyDuck malware invades Cursor through Open VSX
The advanced SleepyDuck IDE extension RAT uses Ethereum contracts for persistence.
secureannex.com
November 3, 2025 at 4:31 PM
Full details here - secureannex.com/blog/sleepyd...
You can watch these updates by monitoring the contract. For instance this was an update of the C2 server from localhost to it's currently active domain.
November 3, 2025 at 4:31 PM
You can watch these updates by monitoring the contract. For instance this was an update of the C2 server from localhost to it's currently active domain.
If the original C2 server is taken down, the extension will check a smart contract hosted on the Ethereum blockchain for new server details. It also allows for 'emergency' command execution through the extension.
November 3, 2025 at 4:31 PM
If the original C2 server is taken down, the extension will check a smart contract hosted on the Ethereum blockchain for new server details. It also allows for 'emergency' command execution through the extension.
Responses from the command and control server will be executed in the sandbox on the endpoint allowing full machine access.
November 3, 2025 at 4:31 PM
Responses from the command and control server will be executed in the sandbox on the endpoint allowing full machine access.
The extension initializes by getting machine details, contacting sleepyduck, and creating a sandbox environment for code execution
November 3, 2025 at 4:31 PM
The extension initializes by getting machine details, contacting sleepyduck, and creating a sandbox environment for code execution
If you're against 100 grand and gummy clusters, you should just retire from the game.
October 31, 2025 at 9:35 PM
If you're against 100 grand and gummy clusters, you should just retire from the game.