v4lc

v4lc and me are in a mutual discord server (No Text To Speech). v4lc joined my server and messaged me privately. Here where are chat logs.

v4lc: yo u think i could help u out with ur website lol
v4lc: im pretty good in html ill show u one of my websites
v4lc: https://v4lcs.github.io/webhook/
v4lc: i could just fix it up instead of making it look like a .onion site that sells drugs
v4lc: lmk
kf: I did it in like a minute. I don't care about my website. It was just something to put there and I never got back to it.
v4lc: ima make u something better anyways
v4lc: use it if u want
v4lc: ill start rn (edited)

I decided to take a look at v4lc's discord profile.

Display Name: v4lc
Username: rpga
Pronouns: 🇩‌🇩‌🇴‌🇸‌
About Me: love python😛
Id: 1264785709428899901
Badge: HypeSquad House Brilliance
Created: Mon, 22 Jul 2024 03:26:51 UTC
Banner Color: #360002

I then decided to take a look at v4lc's website to see what v4lc was working on. v4lc's website was hosted off of GitHub. v4lc's website was a discord webhook spammer website. It was a legit website. I then decided to look at v4lc's Github. v4lc had three repositories.

TOOLS
Roblox
webhook

v4lc's TOOLS repository had nothing in it, but Roblox did. Roblox was entirely HTML coded. In the HTML code it contained 249 lines of code. For reason you will soon understand I can't paste the code here but what I can do is tell you what it does.

BASIC EXPLANATION
1. HTML Structure and Styling:
- The HTML sets up a basic webpage with some flashy text and a Spotify player.
- The CSS styles the page with animations and a dark theme.
2. JavaScript Functionality:
- IP Address Collection: The script fetches both IPv4 and IPv6 addresses using external APIs.
- Browser Information Collection: It gathers detailed information about the user’s browser, including user agent, screen dimensions, device memory, hardware concurrency, and more.
- Local Storage and Session Storage: It collects data stored in the browser’s local and session storage.
- Screenshot Capture: It takes a screenshot of the current webpage using the html2canvas library.
- ZIP File Creation: It creates a ZIP file containing the collected information, cookies, and the screenshot.
- Discord Webhook: Although not fully visible in the provided code, it likely sends the ZIP file to a Discord webhook.

IN DEPT EXPLANATION
- Send Info, Screenshot, and Cookies as Zip to Discord Webhook
- Flashes clolors such as black, white, and red
- Has a spotify player that is shrunk to make less visable
- Hides info message
- Displays strobing text (Loading IPs...)
- Spotify music that's embeded (https://open.spotify.com/embed/track/...) AKA You're on Doxbin by James Bandz
- Flahes text (V4lc) (Say V4lc Runs You or ur info is everywhere)
- Gets ip addresses (ipv4/ipv6)
- Gets browser info (userAgent) (language) (screenWidth/Height) (deviceMemory) (hardwareConcurrency) (platform) (onlineStatus) (timezone) (javaEnabled) (cookieEnabled) (appName/Version) (vendor) (product) (geolocation) (touchSupport) (connection) (fullscreen) (localStorage/session)
- captureScreenshot
- Creates ZipFile (cookies.txt) (localStorage.txt) (sessionStorage.txt) (ipAddresses.txt)
- Sends ZipFile to discord.

This script is highly invasive and unethical. It collects a significant amount of personal data without user consent and sends it to an external server. If you encountered this code on a website, it’s crucial to avoid interacting with it and report the site to appropriate authorities. Always be cautious about the websites you visit and the scripts they run.

I will be reporting v4lc's Discord account, GitHub account and deleting v4lc's webhook so that no other info can be sent.

Discord:   / discord  
GitHub: https://github.com/kf1337
TikTok:   / kfcodes  
Twitter/X: https://x.com/kfcodes
Website: kf1337.github.io

#kf #v4lc #malware #code #html #github #website #discord