CW // Mercury - Lies, Lies, Skidding, and Illegal Activites, what a disaster!

Hello Guys, Nori Here.
While I was looking at ROBLOX Exploits on Youtube, I saw this executor called "Mercury".
Now what intrigued me about this executor was the bold claim of a "Custom API / Custom DLL". This claim is very bold as of now because of Inlining, so me and my buddies (ImmuneLion318, Cybuh) have come to investigate.

Youtube Video in Question: https://www.youtube.com/watch?v=9hhZNlscNd0

While we were investigating this executor, we found a lot of suspicious things, and we like to share them with you.


Category 1: Lies, Lies, Lies
The "Custom DLL", as it turned out, was "in development", and would be "better than KRNL".
https://cdn.discordapp.com/attachments/958900265103282176/958901789174935592/unknown.png

However, this was farther from the Truth. They in fact had no developer, and was looking for one.
https://cdn.discordapp.com/attachments/958900265103282176/958901772192215131/unknown.png

However, they didn't know the current prices of DLL Developers, so they backed off once I told them he was expensive.

The developer himself promised things that no one like him can actually do:
https://cdn.discordapp.com/attachments/958900265103282176/958905787772723280/IMG_0049.png

He puts faith in Virus Detections:
https://cdn.discordapp.com/attachments/958900265103282176/958906273192112158/IMG_0050.png

And made false accusations about the Synapse Developer being gay:
https://cdn.discordapp.com/attachments/958900265103282176/958906327424454686/IMG_0051.png


Category 2: Skidding
The bootstrapper is made in WPF while the Executor itself is made in Winforms. This inconsistency makes no sense especially if the less important program is made in a better design platform.

And as it turns out, it is based off Hexo / Serenity:
https://cdn.discordapp.com/attachments/883245267019784225/958915216014467173/unknown.png

Pasted from Fadh's Bootstrapper Video:
https://cdn.discordapp.com/attachments/958900265103282176/958905577902338048/unknown.png

Executor Pasted PareX Monaco:
https://cdn.discordapp.com/attachments/958900265103282176/958907361223917578/unknown.png

The owner apparently not knowing who PareX is:
https://cdn.discordapp.com/attachments/883245267019784225/958915297283309648/unknown.png

Skidded Listbox:
https://cdn.discordapp.com/attachments/958900265103282176/958905073646333952/unknown.png


Category 3: Suspicious Behavior
As they use KRNL API as of now, they added a shady KRNL Bypass:
https://cdn.discordapp.com/attachments/883245267019784225/958915368510980206/unknown.png
https://cdn.discordapp.com/attachments/958900265103282176/958901458168864788/unknown.png

This executor straight up hooks to your startup, no where in the UI to disable it, and no way of knowing (why?)
https://cdn.discordapp.com/attachments/958900265103282176/958908266413457419/unknown.png
https://cdn.discordapp.com/attachments/958900265103282176/958904549291216947/unknown.png
https://cdn.discordapp.com/attachments/883245267019784225/958915432658636850/unknown.png

Everyone in our team who has used Mercury has had this happen. They don't even ask for consent.

The Executor also sends your raw IP Address, not protected, RAW:
https://cdn.discordapp.com/attachments/958900265103282176/958903999044661308/unknown.png

Illegal HWID Grabbing:
https://cdn.discordapp.com/attachments/958900265103282176/958903795813847050/unknown.png

They don't have a privacy policy, in fact they straight up lie to you:
https://cdn.discordapp.com/attachments/883245267019784225/958915511956164669/unknown.png

Mercury makes an Unknown Request:
https://cdn.discordapp.com/attachments/958900265103282176/958905915275362374/unknown.png

Mercury opens something (we are not sure what):
https://cdn.discordapp.com/attachments/958900265103282176/958905979213344828/unknown.png

(Thanks to ImmuneLion318 for his findings)


We bypassed Mercury BTW:
Old:
https://cdn.upload.systems/uploads/zdOBbHZH.gif
New:
https://cdn.upload.systems/uploads/yO4C1PAt.gif
(Thanks again ImmuneLion318)


Conclusion:
We don't think Mercury should exist at all. What they are doing in terms of logging is borderline illegal and their lies over themselves and other exploits ruins their credibility and their future. As of it's current state, we do not believe this exploit will survive due to it's poor leadership and shadiness, and we don't think anyone should use this.

Discord Server, please don't spam (bad etiquette), but please warn the over 240 members in their discord server about the Executor's shady activities:
https://discord.gg/EB6dUyR3jN