itsMe Posted November 24, 2023

Go-written malware targeting Windows systems, extracting user data from Discord, browsers, crypto wallets and more, from every user on every disk. (PoC. For educational purposes only.)

This proof of concept project demonstrates a "Discord-oriented" stealer implemented in Go, a language not commonly utilized for such purposes on GitHub. The malware is designed to operate on Windows systems and employs a method involving privilege escalation, specifically leveraging the well-known Fodhelper technique. By elevating privileges, the malware gains access to sensitive user data stored in all user sessions on every disk.

Features:
- UAC Bypass: Grants privileges to steal user data from other users. 🕵️♂️
- Console hiding: Module to hide the console. 🕶️
- Fake Error Simulation: Tricks the user into believing the program closed due to an error. 🎭
- Startup Persistence: Ensures the program runs at system startup. 🚀
- Anti-debugging Measures: Detects and exits when running in virtual machines (VMs). 🔍
- Antivirus Evasion: Attempts to disable Windows Defender and block access to antivirus websites. 🦠
- System Information Retrieval: Gathers CPU, GPU, RAM, IP, location, saved Wi-Fi networks, and more. 🖥️
- Chromium-based Browsers Data Theft: Steals logins, cookies, credit cards, history, and download lists from 37 Chromium-based browsers.
- Gecko Browsers Data Theft: Steals logins, cookies, history, and download lists from 10 Gecko browsers. 🦊
- Common Files Theft: Steals sensitive files from common locations. 🗂️
- Discord Backup Codes Theft: Captures Discord Two-Factor Authentication (2FA) backup codes. 🔑
- Wallet Data Theft: Steals data from 10 local wallets and 55 wallet extensions. 💰
- Discord Tokens Theft: Extracts tokens from 4 Discord applications, Chromium-based browsers, and Gecko browsers.
- Games Data Theft: Extracts Epic Games, Uplay, Minecraft (14 launchers) and Riot Games sessions. 🎮
- Discord Injection: Intercepts login, register, and 2FA login requests. Captures backup code requests. Monitors email/password change requests. Intercepts credit card/PayPal addition requests. Blocks the use of QR codes for login. Prevents requests to view devices.
- Crypto Wallets Injection: Captures mnemonic phrases. Captures passwords.
- Crypto Clipper: Replaces the user's clipboard content with a specified crypto address when copying another address. 📋
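The post names the Fodhelper UAC-bypass technique as the stealer's privilege-escalation step. From a defender's side, that technique leaves a well-known footprint: an attacker-controlled command registered for the ms-settings protocol class under the current user's hive, which a clean system never has. The following is an added example written for this thread, not code from the post or from the project it advertises; it parses a regedit-style export of HKCU (constructed sample data, with a placeholder path) and flags the hijack key. The function and class names, and the sample hive text, are this example's own assumptions.

```python
"""Detect the Fodhelper UAC-bypass registry hijack in a registry export.

Added example (not part of the forum post or the project it describes).
fodhelper.exe auto-elevates and opens the "ms-settings" protocol handler;
if a command is registered for that class under HKCU with an (empty)
DelegateExecute value, the elevated process launches it. A clean user
hive has no HKCU\\Software\\Classes\\ms-settings key at all, so the key's
presence is the indicator a defender looks for.
"""
from __future__ import annotations

import re
import sys
from dataclasses import dataclass

# The registry key the Fodhelper technique writes (assumed path, well documented).
HIJACK_KEY = r"HKEY_CURRENT_USER\Software\Classes\ms-settings\shell\open\command"


@dataclass
class Finding:
    key: str
    command: str | None = None
    delegate_execute_present: bool = False

    @property
    def is_hijack(self) -> bool:
        # The shell only runs the default-value command when DelegateExecute
        # exists (its data is normally empty), so require both.
        return self.delegate_execute_present and self.command is not None


def parse_reg_export(text: str) -> dict[str, dict[str, str]]:
    """Parse a .reg (regedit export) text into {key: {value_name: data}}."""
    keys: dict[str, dict[str, str]] = {}
    current: dict[str, str] | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        if current is None:
            continue
        # Value lines look like  @="data"  or  "Name"="data"  or  "Name"=hex:..
        m = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if not m:
            continue
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2)
        if data.startswith('"') and data.endswith('"'):
            # Undo .reg string escaping: \" -> " and \\ -> \
            data = data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        current[name] = data
    return keys


def find_fodhelper_hijack(reg_text: str) -> Finding | None:
    """Return a Finding if the HKCU ms-settings command key exists, else None."""
    keys = parse_reg_export(reg_text)
    # Registry key names are case-insensitive; normalise before comparing.
    for key, values in keys.items():
        if key.lower() == HIJACK_KEY.lower():
            return Finding(
                key=key,
                command=values.get("(Default)"),
                delegate_execute_present="DelegateExecute" in values,
            )
    return None


# Constructed sample: what a hijacked HKCU export looks like (placeholder path).
SAMPLE_HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\ms-settings\shell\open\command]
@="C:\\Users\\Public\\payload.exe"
"DelegateExecute"=""
'''

# Constructed sample: a clean user hive has no ms-settings class at all.
SAMPLE_CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.txt]
@="txtfile"
'''


def main() -> int:
    for label, sample in (("hijacked", SAMPLE_HIJACKED), ("clean", SAMPLE_CLEAN)):
        f = find_fodhelper_hijack(sample)
        if f and f.is_hijack:
            print(f"[{label}] ALERT: Fodhelper hijack key present, command={f.command!r}")
        else:
            print(f"[{label}] no Fodhelper hijack key")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

On a live host the same check is a `reg export HKCU\Software\Classes\ms-settings` followed by this parser; an auditing rule that alerts on creation of that key (rather than on fodhelper.exe itself, which is a legitimate binary) catches the technique before the elevated child process runs.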
timboleik Posted January 13

Is it possible to have the logs sent to Telegram?
itsMe (Author) Posted January 13

5 minutes ago, timboleik said:
> Is it possible to have the logs sent to Telegram?

You can read, or what?