March 8

Wish Stealer

A stealer written in Node.js, designed specifically to extract sensitive data from Chromium- and Firefox-based browsers. This malware steals tokens, cookies, cryptocurrency wallets, and more.

Features

  • Development
    • Clean and efficient codebase.
    • Up-to-date dependencies.
    • Minimal reliance on external Node.js libraries.
  • Modules
    • antidebug: Terminates debugging tools (incomplete).
    • antivirus: Disables Windows Defender and blocks access to antivirus-related websites.
    • antivm: Terminates execution if running inside a virtual machine environment.
    • browsers:
      • Captures logins, cookies, credit card details, bookmarks, autofill data, browsing history, and downloads from 37 Chromium-based browsers.
      • Captures logins, cookies, browsing history, bookmarks, and downloads from 10 Gecko/Firefox-based browsers.
    • sessions: Extracts active sessions from platforms like Spotify, TikTok, and Instagram.
    • clipper: Monitors the clipboard for crypto addresses and replaces them.
    • commonfiles: Collects sensitive files from common directories on the system.
    • fakeerror: Displays a fake error message to trick users into thinking the program has crashed.
    • games: Extracts session data from popular game launchers like Epic Games, Minecraft, and more.
    • hideconsole: Hides the console window to run the program discreetly. 👀
    • injections: Injects into applications like Discord and crypto wallets to capture sensitive information.
      • discord:
        • Persistent startup injection (remains active even if the user attempts to remove it).
        • Captures logins, registration data, and two-factor authentication requests.
        • Intercepts email and password change requests as well as backup code requests.
        • Blocks QR code logins and views of connected devices.
        • Phishing mode simulates alerts to trick users into changing their email credentials.
    • killprocess: Terminates processes that are listed in a predefined blacklist.
    • socials: Extracts data from over 20 social media applications, stealing sensitive information from each.
    • startup: Ensures the program launches automatically when the system starts.
    • stealcodes: Captures 2FA codes from services like Discord, GitHub, Google, and more.
    • system: Gathers detailed system information including IP address, installed antivirus software, screenshots, CPU, GPU, RAM details, location, and saved Wi-Fi networks.
    • tokens: Extracts tokens from four Discord applications and over 30 browsers.
    • vpns: Retrieves sensitive files from over 20 VPN applications installed on the system.
    • wallets: Extracts data from more than 30 browser-based cryptocurrency wallets, as well as crucial information from locally installed wallets.
