- Apr 13, 2013
- 3,224
- Content source
- https://youtu.be/IPA5uQcIwWM
Fun With a Password Stealer
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Better keep the cat always happy. Otherwise she will run with a lifetimesupply of tuna bought with your money 
It's always fun to watch what her videos.
It's always fun to watch what her videos.
- May 13, 2017
- 2,638
I wonder, is it able to steal autofill, if automatic autofill is disabled and password protected?
- Apr 13, 2013
- 3,224
As long as the login/pwd data was initially entered into the browser it is barely an inconvenience to acquire such data.I wonder, is it able to steal autofill, if automatic autofill is disabled and password protected?
- Apr 5, 2021
- 620
Interesting, yet probably not surprising, I notice the Destination addresses in these Stealer videos are never ipv6. Maybe futile to ask, but is the Destination Port TCP 80?
- Feb 7, 2023
- 2,349
They steal not only the saved passwords but session cookies as well. Using these cookies, they can frequently recreate a session without having to log-in at all. Disabling auto-fill or using a 3P password manager will not help against that.
- Sep 2, 2021
- 2,586
Stealers are very fast at stealing passwords.
Even if some of them fall asleep during the execution phase, their triggers can have devastating effects.
Note that "anti-logger" software is often outdated because stealers often adopt new methods (Keylogging, Cookie stealing, Token Grabbing etc).
The best thing to do is not to download anything and everything from the Internet (untrusted sites, crack on YouTube/P2P/Torrent/DDL) and to have a good security with firewall!
PS: I still like the videos of our @cruelsister and cat = <3 ^^
Even if some of them fall asleep during the execution phase, their triggers can have devastating effects.
Note that "anti-logger" software is often outdated because stealers often adopt new methods (Keylogging, Cookie stealing, Token Grabbing etc).
The best thing to do is not to download anything and everything from the Internet (untrusted sites, crack on YouTube/P2P/Torrent/DDL) and to have a good security with firewall!
PS: I still like the videos of our @cruelsister and cat = <3
^^
- Apr 13, 2013
- 3,224
Actually a very good question! As the traffic was HTTPS, I prefer and the malware connected on Port 443.
If one chooses to utilize AutoFill such input would have been listed in the AutoFill directory (1:39 of the video). And although I picked on Chrome here, that folder would have also included data from FireFox
- Apr 5, 2021
- 620
One more question if I may,
did this stealer bypass UAC, or did it run entirely in user space?
did this stealer bypass UAC, or did it run entirely in user space?
- Apr 13, 2013
- 3,224
Although I didn't try this at the time (mainly because UAC typically will ignore a plethora of malware), I did just set UAC at max and ran both this one as well as the stealer used in the previous video and both resulted in system infection without a peep from UAC.
Previously I would have termed UAC "feel good protection"; but now it is demoted to "feel good annoyance".
Last edited:
- Feb 1, 2013
- 970
besides, privilege escalation seems pretty easy these days.. great video!
Maybe because the focus of the security industry has always been on RCE bugs/exploits. PE has become just as important as RCE. There will always be way to gain a foothold on a box/machine through whatever means, but the key these days is how you can or if you can elevate to admin. SRP/Whitelisting/LOLbin blocking can help in both RCE & PE, there are some very good software options for these methods out there.
Last edited:
Similar threads
