Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
gnabgib 8 hours ago

This seems to lack the full story, despite the headline.. Krebs' coverage is more in-depth (39 points) https://news.ycombinator.com/item?id=46976825

walletdrainer 2 hours ago | parent | next [-]

It’s unfortunate that Krebs has switched to posting AI slop.

His latest story is entirely fabricated and LLM generated, the phishing kit he advertises does not even actually exist.

notpushkin an hour ago | parent | next [-]

Could you elaborate a bit? It’s hard to take such a claim seriously without any evidence presented.

walletdrainer an hour ago | parent [-]

Every single person who has bought the phishing kit claims the seller is a scammer. Krebs’s article is based entirely on the sellers description of the (imaginary) product, rather than actual observation of the phishing kit in the wild.

See the exploit.in thread for example https://temp.sh/XOWUP/STARKILLER_V6.0.1___ULTIMATE_WEAPON__B...

Krebs has access to these forums, he could’ve checked this story out in less than 3 minutes but did not.

Even if Krebs wasn’t a subject matter expert, it’s still inexcusable that he didn’t do the most basic work here. You don’t need to frequent underground runet forums to know that a journalist should be able to verify the stories he puts out.

I think it’s also particularly telling that he didn’t bother to source reasonable quality screenshots for the story, which he would have been able to do had he ever witnessed this phishing kit working.

pests 9 minutes ago | parent | next [-]

> Krebs’s article is based entirely on the sellers description of the (imaginary) product, rather than actual observation

I noticed. While researching I had a feeling of "is this just makeup on a pig?". Anyone can make pretty graphics or make claims. I tried reading a few selling points and I was weary.

One claimed to handle a MFA token handover and then somehow got access to the token and they could proxy it for you? The user types in the MFA token, they get the token. I cant figure out how they would bypass all browser protections to pass on the highly-secured token via a proxy. I've been online for 25 years, I understand on a deep level on the internet works and the web and what is happening in this situation, as I'm sure most here are.

Without a 0day, this just doesn't make sense. But this is pretty technical, and unless you hang out here then the above sounds perfectly reasonable but to us sounds like bullshit.

> he didn’t bother to source reasonable quality screenshots for the story

Also noted. Quickly found better quality versions myself with a quick search.

Roark66 30 minutes ago | parent | prev [-]

>See the exploit.in thread for example https://temp.sh/XOWUP/STARKILLER_V6.0.1___ULTIMATE_WEAPON__B...

"Maximum download limit reached" - it's gone. Also, not present in the archive.org :-(

JasonADrury 6 minutes ago | parent [-]

https://files.catbox.moe/fod8rc.pdf

https://web.archive.org/web/20260222094129/https://files.cat...

pests 2 hours ago | parent | prev [-]

This is so odd. I tried to verify your claim and I give up. It might be but I really hate how information is becoming like this. There is other reporting out there on "Starkiller" (the phishing kit in kerbs most recent post) and I can find other articles on it, but sources seem to be circular. The source mentions Jinkusu forums, which do seem to be real, but any links I find aren't loading for me and still no conclusive findings of Starkiller.

flipped a minute ago | parent | next [-]

Krebs lack any sort of real credibility. He's pushing out slop with a govern-mentalist propaganda. Tech journalists are the worst form to gather any actual information.

walletdrainer an hour ago | parent | prev [-]

https://temp.sh/XOWUP/STARKILLER_V6.0.1___ULTIMATE_WEAPON__B...

These forums are mostly private, but Krebs certainly has access to them. There can really be no excuse for how he handled this.

There are multiple posts by people in different places claiming to have bought this phishing kit, and then being delivered totally non-functional vibecoded garbage. The vibecoded garbage is not the advertised product though, as the author never managed to get the AI to finish his project.

pests 5 minutes ago | parent [-]

I figured the forums were real, just was blocked for some reason so thanks.

I do not doubt this story for a second. Its crazy Kerb's is basically freely advertising this blackhat slop.

darig 2 hours ago | parent | prev [-]

[dead]