Spotify Has a Malware Problem



0:00 Spotify Has a Malware Problem
2:21 DeleteMe (ad)
3:26 Hack First, Get Hired Later
6:06 SMS Blasters Pwned

Comments

I’m naming my next album “Office full version cracked”

DigitalicaEG

Coming up with that Instagram idea is exactly the kind of creativity I would expect from the best of both cyber criminals and cyber defenders

randomguyx

So happy the "Hello world" is back

ByAlexdotgg

I'm not kidding that my grandma had someone inspect her computer and she was told that she was "completely hacked." She just had a bunch of sites spamming her with notifications.

Texan_DoomGuy

I'm a moderator for Nexus Mods and we've been hit with a similar sort of spam problem. The dev team has had to develop dedicated tools to stop the spam at its current scale, whereas we were able to get away with user reports just two years ago. Heck, we only even built a proactive detection system in response to some guy in his basement spamming the site to promote his very un-based modding site hosting all sorts of problematic and hateful stuff (we're talking everything from misogyny and racism to anti-gay and anti-trans content, and the comments on that site were about what you'd expect from literal racists). We had so little of a problem that one very sad basement-dweller was able to completely outclass the previous levels of spam on the site.

When the office staff started doing an analysis on the spam, they found that they were abusing our mod pages' Articles feature (almost like pages of a documentation site) to get a very high SEO ranking on Google, which would stay indexed sometimes for multiple days—even if we took the page down within 30 minutes. Dev team built some proactive actioning tools that forced them to innovate, which means we hit them right in the money.

BellCube

That cell spammer looks futuristic as shit with those green lit up wires. Like alien fiber optics. I should get one and drive around spamming my number and photo to see if I can find a date.

paulsaulpaul

Another recent interesting C2 finding was hackers using Steam as a C2 by changing the display name of an account to send their commands lol

MartianMoon

2:15 Yes actually, there was a 'roblox daily item' plugin that loaded custom code from the description of a game that was uploaded to the Roblox platform to avoid detection by Chrome code reviewers.
I saw this from a video by 'No Text To Speech', pretty interesting.

NinetyUnderScore

Tbh what this reminded me of was people uploading full music albums with completed metadata to DeviantArt. I got so much music for my iPod in the early 10s that way LOL

prairie_court

Okay listen, whoever falls for that on Spotify... at this point it's natural selection.

monkaSisLife

It's like when a hacker gang started using discord to manage their malware remotely using emojis to send commands, that's one that comes to mind when I think of hackers using legitimate services for malware

Gandingas

Clandestine C&C protocols may be the deepest rabbit hole on the internet.
Like number-stations.
And with AI integration even more old-school spycraft can be implemented. It can just observe a public webcam and wait for any manner of signals like the "chalk-mark" or "window-placement" method of signaling a handler.

R_C

I remember some hackers used Roblox games to hide data for a malicious Roblox extension

Cequallium

The C2C comments being hidden is really clever. It's like the digital equivalent of a dead drop.

ketsuekikumori

3:44 What it takes to get hired as a pentester in 2024

Shotgun_Only

The old “click this link, trust me” 😂😂😂😂😂

overflowbeats

1:32 Seems YouTube has this same problem. We've all seen *those* comments

mllarson

1:23 Reminds me of the coded radio transmission in WW2 BBC broadcasts and modern day number stations.

christopherg

Something about the Instagram "hiding in plain sight" thing reminds me of number stations with how they're hiding in plain sight... very clever!

btarg

I'll put down "don't hack into random companies' infrastructure to advertise your pentest services" into my list of things to not do. Thank you Kloster for the reminder.

Slavolko