BrowseSpy - Code developed to steal certain browser config files (history, preferences, etc)

Be sure to change the FTP variables throughout the code, these variables contain the username, password, & IP address of the FTP server which receives the files.

This code will do the following:

Copy itself into the %TMP% directory & name itself ursakta.exe
Add a registry entry to execute itself each time the user logs in
Verify which browser the user is using (Chrome, Firefox or Brave)
Search for files within the Chrome, Firefox, or Brave browser directories
Create a directory on our FTP server then send the files in the browser's directory to the FTP server

Cross Compiling with MingW on Linux

Install command with Apt:

sudo apt-get install mingw-w64

64-bit:

x86_64-w64-mingw32-gcc *input file* -o *output file* -lwininet -lversion

32-bit:

i686-w64-mingw32-gcc *input file* -o *output file* -lwininet -lversion

From the Victim's Perspective:

Registry entry:

File activity:

FTP connection:

Detection Rate:

This detection rate is after stripping the executable with strip --strip-all *filename.c*

More: https://github.com/1d8/spybrowse

August 18, 2020

Author

Hakin9 TEAM: Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.

Latest Articles

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments

Inline Feedbacks

View all comments

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

BrowseSpy - Code developed to steal certain browser config files (history, preferences, etc)

Cross Compiling with MingW on Linux

From the Victim's Perspective:

Detection Rate:

Author

Latest Articles

Popular Authors

Latest Courses

Hacking Blockchain based APIs (W69)

Penetration testing OWASP Top 10 Vulnerabilities (W68)

IoT Security - the DVID Challenge - NEW EDITION (W67)

https://hakin9.org/wp-content/uploads/2020/01/hakin91-copy-1-1.png

BrowseSpy - Code developed to steal certain browser config files (history, preferences, etc)

Cross Compiling with MingW on Linux

From the Victim's Perspective:

Detection Rate:

Author

Latest Articles

Popular Authors

Latest Courses

Hacking Blockchain based APIs (W69)

Penetration testing OWASP Top 10 Vulnerabilities (W68)

IoT Security - the DVID Challenge - NEW EDITION (W67)

Thank you!

https://hakin9.org/wp-content/uploads/2020/01/hakin91-copy-1-1.png