Hello, comrades.
I am psychlo. One of the programmers behind the chaes malware.
Since 2020 we have been in the wild.
We appeared on the news for the first time on november 17th 2020, when our software was analysed by cybereason.
[https://www.] cybereason[.]com/threat-alert-chaes-e-commerce-malware
There is full pdf with details.
In january 25th 2022 we had a new analysis now by avast:
[https://] decoded[.]avast[.]io/anhho/chasing-chaes-kill-chain/
We blogged about it on a blogspot we control and used back in the days to put some c2 information hidden inside the html so the victims could find the servers.
[https://] awsvirtual[.]blogspot[.]com/
Last but not least, this year we had a new analysis, this time by morphisec.
[https://] blog[.]morphisec[.]com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers
What can I say, I just love the attention and the analysis always make me want to improve the work we make.
Reading the analysis we can find what is being easy to find and what they didn't find. So we know what we have been doing right and what we should improve.
Now, why am I posting this here?
Well, first because I like the feeling... I guess in the end that is something all of us enjoy... the stories, the drama, the news... just knowing that there are some people getting paid to reverse my malware, write about it... it makes me smile...
On the other hand... Hido Cohen was talking to an old man in the video presentation and the old man asked "why do they focus only in Brazil?"
He has a point...
So... If anyone here has any idea, maybe we could join forces... we could share some information... currently we only target brazil financial systems but we are up to know about other possibilities...
Banking security in brazil is pretty serious, they spend tons of money with high end solutions to prevent fraud. I believe there are easier countries out there where people are not so malicious as brazilians are...
Think about canadians... western european people... they are pretty innocent about data theft.. they trust a lot more, at least that is what I think...
anyway...
I intend to keep up this post with more stories, maybe updates... I enjoy writing about this..
would love to chat about malware scene and maybe think about new ideas, possibilities to explore...
besides the competition for money, most of us, those who have been here for a while... we are here because we love this...
money comes and goes... but hacking is a part of us...
I would love to talk with you guys because I know that deep inside we share the same passion for code, computers, data and money.
Feel free to share your own thoughts below.
I wish I could speak russian. I have been doing classes but there is a big distance between learning the basics and being able to communicate in a cyber security forum. I hope I get there someday.
Best regards.
I am psychlo. One of the programmers behind the chaes malware.
Since 2020 we have been in the wild.
We appeared on the news for the first time on november 17th 2020, when our software was analysed by cybereason.
[https://www.] cybereason[.]com/threat-alert-chaes-e-commerce-malware
There is full pdf with details.
In january 25th 2022 we had a new analysis now by avast:
[https://] decoded[.]avast[.]io/anhho/chasing-chaes-kill-chain/
We blogged about it on a blogspot we control and used back in the days to put some c2 information hidden inside the html so the victims could find the servers.
[https://] awsvirtual[.]blogspot[.]com/
Last but not least, this year we had a new analysis, this time by morphisec.
[https://] blog[.]morphisec[.]com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers
What can I say, I just love the attention and the analysis always make me want to improve the work we make.
Reading the analysis we can find what is being easy to find and what they didn't find. So we know what we have been doing right and what we should improve.
Now, why am I posting this here?
Well, first because I like the feeling... I guess in the end that is something all of us enjoy... the stories, the drama, the news... just knowing that there are some people getting paid to reverse my malware, write about it... it makes me smile...
On the other hand... Hido Cohen was talking to an old man in the video presentation and the old man asked "why do they focus only in Brazil?"
He has a point...
So... If anyone here has any idea, maybe we could join forces... we could share some information... currently we only target brazil financial systems but we are up to know about other possibilities...
Banking security in brazil is pretty serious, they spend tons of money with high end solutions to prevent fraud. I believe there are easier countries out there where people are not so malicious as brazilians are...
Think about canadians... western european people... they are pretty innocent about data theft.. they trust a lot more, at least that is what I think...
anyway...
I intend to keep up this post with more stories, maybe updates... I enjoy writing about this..
would love to chat about malware scene and maybe think about new ideas, possibilities to explore...
besides the competition for money, most of us, those who have been here for a while... we are here because we love this...
money comes and goes... but hacking is a part of us...
I would love to talk with you guys because I know that deep inside we share the same passion for code, computers, data and money.
Feel free to share your own thoughts below.
I wish I could speak russian. I have been doing classes but there is a big distance between learning the basics and being able to communicate in a cyber security forum. I hope I get there someday.
Best regards.
Последнее редактирование:
