How a Roblox Cheat Script Led to a $2M Vercel Hack
A Context.ai employee downloaded a Roblox cheat script on their work laptop, inadvertently installing the Llama Stealer malware, which harvested browser credentials and OAuth tokens. This single infection created a chain reaction that allegedly gave hackers access to Vercel's internal systems, source code, and employee data, which they are now auctioning for $2 million.
Summary
The incident began on February 26 when a Context.ai employee with privileged system access searched for and downloaded a Roblox auto-farm cheat script on their work laptop. Bundled with the script was a piece of malware called Llama Stealer, which silently harvested the employee's saved browser passwords, session cookies, autofill data, Google Workspace credentials, Supabase keys, and admin account credentials for Context.ai.
Llama Stealer is not a simple virus but a commercially operated malware-as-a-service platform, written in C++ and assembly and active on cybercrime forums since 2022. It evades detection by waiting for mouse movement before it runs (so it stays dormant in automated sandboxes that show no user activity), by issuing direct system calls instead of going through the user-mode Windows API functions that security tools hook, and by using trusted platforms such as Telegram, Dropbox, and Steam as fallback channels when its primary servers are unreachable. Its distribution network relies on phishing emails, fake Google ads, compromised websites, and deceptive CAPTCHA pages that trick users into running malicious commands. Microsoft documented nearly 400,000 infections in a single 60-day window in early 2025 before executing a global takedown that seized approximately 2,500 domains, though activity resurged within weeks.
Cybercrime intelligence firm Hudson Rock connected the dots, finding that Context.ai had exactly one recorded Llama Stealer infection, this employee's, occurring approximately one month before the Vercel breach. The compromised employee's browser data contained the OAuth client ID for a Context.ai-branded Google Workspace application. Because this OAuth app held delegated access to Google Workspace data, the stolen credentials carried the app's access with them, and that access remains valid until the grant itself is revoked. The same employee was also a core member of the Context.ai-Vercel integration team, and their browser history contained URLs pointing to an internal Vercel project called 'Valinor.'
Vercel's security advisory attributed the breach to 'the compromise of a third-party AI tool's Google Workspace OAuth application.' Hackers, claiming to be the known extortion group Shiny Hunters (a claim that is disputed), are now selling Vercel's alleged source code, database data, npm tokens, GitHub tokens, and multiple employee account credentials on a public forum for $2 million, while simultaneously demanding a private ransom from Vercel to remove the listing. As proof, they released 580 employee records and a screenshot of what appears to be Vercel's internal enterprise dashboard.
The video concludes with security recommendations: auditing Google Workspace OAuth app permissions and revoking access for any app that is not recognized, treating every third-party AI tool as a potential backdoor into whatever it is connected to, and rotating API keys, npm tokens, and other secrets on a regular schedule rather than only after an incident.
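The mechanism described above (an OAuth app's delegated access travelling with a stolen identity) and the audit the video recommends are concrete enough to script. What follows is an added example written for this page, not code from the video or from Vercel, Context.ai or Hudson Rock. It assumes grant records shaped like the Admin SDK Directory API tokens.list response (clientId, displayText, scopes, userKey, anonymous, nativeApp); the sensitive-scope set, the approved-app allowlist, the client IDs and the sample grants are all constructed for illustration.

```python
"""Triage Google Workspace OAuth grants: flag unapproved apps, scope creep on
approved apps, and unverified apps holding sensitive scopes, then emit the
(user, client) pairs to revoke.

Added example for this page; not code from the video, Vercel, Context.ai or
Hudson Rock. Record shape assumes the Directory API tokens.list response.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Scopes that hand an app broad delegated access to a user's Workspace data.
# These are real Google scope URIs; which ones count as sensitive is an
# assumption to tune per tenant.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.readonly",
    "https://www.googleapis.com/auth/admin.directory.user",
    "https://www.googleapis.com/auth/contacts",
}

# Constructed allowlist: client ID -> sensitive scopes security approved for it.
APPROVED_APPS = {
    "123-crm.apps.googleusercontent.com": {
        "https://www.googleapis.com/auth/gmail.readonly",
    },
}

# Constructed sample of what tokens.list returns across three users.
SAMPLE_GRANTS = [
    {"userKey": "alice@example.com", "clientId": "123-crm.apps.googleusercontent.com",
     "displayText": "Example CRM", "anonymous": False, "nativeApp": False,
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly"]},
    {"userKey": "alice@example.com", "clientId": "987-notes.apps.googleusercontent.com",
     "displayText": "AI Meeting Notes", "anonymous": False, "nativeApp": False,
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/drive"]},
    {"userKey": "bob@example.com", "clientId": "123-crm.apps.googleusercontent.com",
     "displayText": "Example CRM", "anonymous": False, "nativeApp": False,
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly",
                "https://www.googleapis.com/auth/drive.readonly"]},
    {"userKey": "carol@example.com", "clientId": "555-login.apps.googleusercontent.com",
     "displayText": "Unverified login widget", "anonymous": True, "nativeApp": False,
     "scopes": ["https://www.googleapis.com/auth/userinfo.email"]},
]


@dataclass
class Finding:
    user: str
    client_id: str
    display: str
    severity: str                       # "ok", "review" or "revoke"
    reasons: list[str] = field(default_factory=list)


def audit_grants(grants, approved=APPROVED_APPS, sensitive=SENSITIVE_SCOPES):
    """Classify each grant. A grant that fails policy and holds sensitive
    scopes is marked for revocation; a failing grant with only low-impact
    scopes is queued for review instead of being cut off blindly."""
    findings = []
    for g in grants:
        cid = g["clientId"]
        hot = sorted(set(g.get("scopes", [])) & sensitive)
        reasons = []
        allowed = approved.get(cid)
        if allowed is None:
            reasons.append("client ID is not on the approved-app list")
        else:
            extra = [s for s in hot if s not in allowed]
            if extra:
                reasons.append("sensitive scopes beyond approval: " + ", ".join(extra))
        if g.get("anonymous") and hot:
            reasons.append("unverified (anonymous) app holds sensitive scopes")
        severity = "ok" if not reasons else ("revoke" if hot else "review")
        findings.append(Finding(g["userKey"], cid, g.get("displayText", ""),
                                severity, reasons))
    return findings


def revocations(findings):
    """(userKey, clientId) pairs to hand to Directory API tokens.delete."""
    return [(f.user, f.client_id) for f in findings if f.severity == "revoke"]


if __name__ == "__main__":
    results = audit_grants(SAMPLE_GRANTS)
    for f in results:
        print(f"{f.severity:6} {f.user:18} {f.display:24} {'; '.join(f.reasons)}")
    print("to revoke:", revocations(results))
```

In a live run the records come from the Directory API's tokens.list method for each user (an admin credential with the admin.directory.user.security scope is needed), and each pair returned by revocations() goes to tokens.delete. Revoking the grant is what actually removes the app's delegated access; resetting the user's password does not reliably do so on its own, which is why the audit should run against the grants rather than against user accounts.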
Key Insights
- The speaker argues that Llama Stealer is not a crude virus but a professionally operated malware-as-a-service business, written in C++ and assembly, that rents access to affiliates who handle distribution through phishing, fake Google ads, and deceptive CAPTCHA pages that trick users into running malicious terminal commands.
- The speaker explains that Llama Stealer evades most security tools by bypassing the Windows API entirely and communicating directly with the kernel via system calls, while also using trusted platforms like Telegram, Dropbox, and Steam as fallback data exfiltration channels if primary servers go offline.
- Hudson Rock found that Context.ai had exactly one recorded Llama Stealer infection in its entire history (this single employee, one month before the Vercel breach), establishing a direct causal link between the Roblox cheat download and the downstream compromise of Vercel.
- The speaker explains that the critical vulnerability was not just stolen credentials but a Context.ai-branded Google Workspace OAuth app that had delegated access to Workspace data; when the employee's credentials were stolen by Llama Stealer, the malware inherited the OAuth app's permissions as well.
- The hacker, claiming to be Shiny Hunters (though other actors linked to that group denied involvement), is simultaneously running a public auction of Vercel's alleged source code and demanding a private ransom from Vercel, using the public listing as leverage in a dual-track extortion strategy.