
Clandestine
@akaclandestine • 59,453 subscribers
| Security | Osint | Threat Research | Opsec | Threat Intelligence | Infosec | Threat Hunting | Humint |
Videos

Security Alert: OSINT Investigation – Fraud on Caixa Tem

OSINT analysis has identified the commercialization of SIP infrastructure (“SIP CAIXA TEM”) for large-scale attacks against the Caixa Tem mobile banking app from Caixa Econômica Federal.

1. Acquisition of Calling Infrastructure
• “SIP CAIXA TEM” = Brazilian VoIP SIP trunks optimized for mass calling.
• Scalable packages: 5 channels for R$ 1,500 up to 100 channels for R$ 11,000, with prepaid minutes at R$ 0.10 per minute.
• “Auto-dialer up to 50 threads + real-time transcription” for R$ 2,000 = automatic dialing software capable of running up to 50 simultaneous calls per operator (or per machine). Real-time speech-to-text allows the “agent” to read the victim’s responses without listening live, speeding up the scam and easing training/quality control.
• Example number 558007260207 (= +55 800 726 0207) is the official Caixa 0800 hotline. The service enables spoofing (origin forgery) so the call appears to come directly from Caixa.

2. Execution of Vishing (the “scam call”)
• The auto-dialer calls thousands of numbers (typically from leaked beneficiary databases).
• Typical script: “Your Caixa Tem account has a problem/block/suspicion of fraud. To unblock it, confirm your details or make a test PIX to a secure account.”
• The fraudster instructs the victim to open the Caixa Tem app live, share the screen, provide OTP codes, change registered email/phone/password, or install a fake app.
• Once access is obtained, the scammer changes contact details, transfers the balance from the Digital Social Savings Account via PIX to “mule” accounts (money mules), and erases traces.

Recommendation: Never provide passwords, codes, or authorize financial transactions over the phone. Contact Caixa exclusively through official channels. Report immediately: Caixa app or 0800 726 0207.

#CyberSecurity #DigitalSecurity #DigitalFraud #CaixaTem #VishingBrazil #FraudAlert #OSINTBrazil #DigitalProtection
Clandestine • 143,996 views • 2 months ago

A Threat Actor has announced, through text and video in a Telegram group, the launch of BLACKNET-00 — the world’s most advanced and accessible ransomware builder platform. Featuring a professional dark-themed graphical interface, intuitive tabs, and real-time configuration preview, anyone — even with ZERO programming knowledge — can generate fully functional ransomware with just one click.

High-risk features of the BLACKNET-00 tool include:
• AES-256, RSA, and ChaCha20 encryption
• Complete disablement of Windows Defender, Task Manager, and critical system controls
• Advanced persistence + network/USB self-propagation
• C2 server with Tor + DGA support
• Anti-detection (VM, sandbox, delayed execution)
• Exfiltration of passwords, crypto wallets, screenshots, and webcam footage

Announced price: US$ 500.

This platform democratizes ransomware, completely eliminating the technical barrier and dramatically increasing the risk of mass attacks by low-level actors. Cybersecurity professionals and organizations: immediately raise your alert level and reinforce defenses. Share to spread awareness.

#CyberSecurity #Ransomware #BLACKNET00 #ThreatIntelligence #InfoSec #Malware #RansomwareAsAService #CyberThreat #ThreatActor
Clandestine • 87,855 views • 2 months ago

🚨 THREAT INTELLIGENCE ALERT 🚨

The tool 🇨🇳 KernelGhost820 is being actively sold on the underground market for US$ 2,500, complete with full source code. This is a professional-grade suite with an intuitive graphical interface and six advanced modules, specifically designed for EDR evasion and sophisticated ransomware operations with efficient lateral movement:
• EDR Removal Engine: Automatically detects and terminates more than 40 security products (including CrowdStrike, SentinelOne, Microsoft Defender, Kaspersky, and others). Supports Kernel, UserMode, and NTDLL termination modes, kernel driver loading for protected processes, disabling Windows Defender, and blocking telemetry connections.
• Ransomware Module: Dual encryption using AES256CBC + RSA2048, supporting over 70 file types (documents, images, databases, backups, etc.). Automatically deletes Volume Shadow Copies to prevent recovery, generates custom ransom notes with Bitcoin addresses and contact emails, and changes the desktop wallpaper.
• Remote Operations & Mass Deployment: Connects to remote devices on the local network via WMI (requires username and password). Scans installed software on target hosts, performs process termination, and enables one-click full tool deployment. Includes full-network scanning for open SMB port 445 with real-time progress tracking.
• Detailed Process Manager and full Operation Logger (exportable to TXT).

This tool significantly lowers the technical barrier for advanced ransomware actors targeting corporate environments.

Immediate monitoring recommendations:
• Evaluate the resilience of your EDR/XDR controls against kernel-mode bypass techniques
• Intensify monitoring of anomalous SMB (port 445) traffic and WMI connections
• Strengthen network segmentation and the principle of least privilege

Our team is actively tracking this tool and any emerging variants.

#ThreatIntelligence #Ransomware #EDRBypass #CyberSecurity #InfoSec #CyberThreat
Clandestine • 40,505 views • 1 month ago
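
The recommendation above to monitor anomalous SMB (port 445) traffic and WMI connections can be prototyped over network flow logs. This is an added example, not part of the original post: the flow-record layout, the thresholds, and every address are constructed assumptions. It flags a source that reaches many distinct hosts on 445 inside a short window, then lists which of those hosts it later contacted on port 135, where WMI/DCOM sessions begin.

```python
from collections import defaultdict, deque

SMB, RPC_EPMAP = 445, 135  # WMI/DCOM sessions start at the RPC endpoint mapper

def find_smb_sweeps(flows, window_s=60, min_targets=10):
    """Return {src: peak number of distinct port-445 destinations seen within window_s}."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    peak = defaultdict(int)
    for ts, src, dst, dport in sorted(flows):
        if dport != SMB:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window_s:  # drop entries older than the window
            q.popleft()
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {s: n for s, n in peak.items() if n >= min_targets}

def wmi_followups(flows, sweepers):
    """For each flagged source, hosts it reached on 135 after first touching them on 445."""
    touched = set()
    hits = defaultdict(set)
    for ts, src, dst, dport in sorted(flows):
        if src not in sweepers:
            continue
        if dport == SMB:
            touched.add((src, dst))
        elif dport == RPC_EPMAP and (src, dst) in touched:
            hits[src].add(dst)
    return {s: sorted(d) for s, d in hits.items()}

# Constructed sample flows: (epoch_seconds, src_ip, dst_ip, dst_port)
SAMPLE = (
    # one workstation touching 40 hosts on 445 in 40 seconds
    [(1000 + i, "10.0.9.23", f"10.0.5.{i}", 445) for i in range(1, 41)]
    # the same workstation then opening RPC/WMI sessions to two of them
    + [(1100, "10.0.9.23", "10.0.5.7", 135), (1105, "10.0.9.23", "10.0.5.12", 135)]
    # a normal client talking repeatedly to a single file server
    + [(1000 + 20 * i, "10.0.9.50", "10.0.5.10", 445) for i in range(30)]
    # many destinations, but one per hour: below the windowed threshold
    + [(1000 + 3600 * i, "10.0.9.70", f"10.0.5.{100 + i}", 445) for i in range(12)]
)

if __name__ == "__main__":
    sweepers = find_smb_sweeps(SAMPLE)
    print("SMB sweep sources:", sweepers)
    print("WMI follow-ups:", wmi_followups(SAMPLE, sweepers))
```

The window and target threshold need tuning against a baseline of legitimate scanners, backup servers, and management hosts before alerting on the result.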

A high-risk illegal tool called Tela Caixa Física + Jurídica Operadora (Mobile & Desktop) is being openly marketed for R$ 2,000 per month.

Advertised features include:
• Selective data harvesting of individuals (Pessoa Física — PF) and legal entities (Pessoa Jurídica — PJ)
• CPF + CNPJ APIs
• Operator commands for sending QR Codes and numerous other remote controls
• Complete dashboard with real-time metrics, statistics, and separation between physical and legal persons
• Ability to enable/disable specific data collection (only PF, only PJ, or both)
• Full command control (return to start, switch account types, module updates, and all tokens)

This solution is explicitly designed for mass unauthorized collection of personal and corporate data, social engineering, and banking fraud, constituting serious violations of Brazil’s LGPD (General Data Protection Law), the Penal Code (fraud and electronic fraud), and the Internet Civil Rights Framework. The ad highlights “limited spots” and includes a demonstration video.

#CyberAlert #BankFraud #TelaCaixa #CyberCrime #LGPD #DataProtection #ReportFraud #CyberSecurity
Clandestine • 28,745 views • 1 month ago