So, right after gaining access to the passwords stored in Chrome Password Manager, it connects to the database to share data. Specifically, the Trojan connects to the database via MongoDB C Driver, for which, it also has the credentials. This behavior is in contrast with other trojans that compile the stolen information in a file and send it to a C&C server. It then transmits the extracted data to a remote MongoDB. Identified as CStealer, the Trojan has nothing special except its peculiar way of storing stolen passwords.Īccording to BleepingComputer, the malware first caught the attention of MalwareHunterTeam and then of a researcher James.Īn interesting #stealer found by exfils via mongoc to at:ġ8.220.85.117:27000 /b7zvSoYBFiĪs discovered, CStealer specifically pilfers stored passwords from the Google Chrome browser. Reportedly, researchers have discovered a new password stealing Trojan targeting Google Chrome. What’s different about this Chrome Password Stealing Trojan is that it stores all stolen passwords to a remote MongoDB database. Researchers have found a new password stealer targeting Google Chrome.
0 kommentar(er)
