W4SP Stealer
Official Repo (loTus04/WS4P-Stealer) got termed, this is a clone approuved by lotus w4sp Stealer official source code, one of the best python stealer on the web
W4SP Stealer | W4SP API | W4SP Bot
Setup [API]
Features [Stealer]
Global
- Saved Passwords
- Browser Cookies
- Get PC information
- AntiVM - Trust Factor system, it wont send data if Gmail cookies arent' found
- All files are uploaded to an external api <- Improved by xKian
- Data is send throught a Discord webhook
- Discord Tokens from browsers
- Discord Token from discord, discordcanary, discordPTBa
- Get all info on token (email, nitro/badge, rare friends)
- Exodus Wallet
- Metamask Wallet
- Atomic Walletk
- Steam Client
- Riot Client
- NationsGlory Client
- Telegram Session
- It will search throught the pc for: saved passwords, 2fa codes, wallet keys and other sensitive information
(idea came from Kiwi plugin on msf)
Features [Injector]
- Brilliant persistance technique (only in injector v1.1)
- Invisible in TaskManger StartUP tab (only in injector v1.1)
- FUD
- Fully runs in background
- Hides the stealer very well
Features [API]
- Easy to update/upgrade
- Compatible with all w4sp versions
- Using auto & custom obfuscation
- Manage Users and Webhooks with API
- Browser security => If a browser is detected (headers) it will obfusacate a fake wasp script <- Brilliant Idea by lath
Features [BOT]
- Easy to configure
- Manage Users and Webhooks using w4sp api
- Auto inject file.py
Few articles on W4SP (they where writen during beta-testing)
Most articles writen after that are 95% bullshit
- securelist.com ~ Two more malicious Python packages in the PyPI
- securityweek.com ~ Security Firms Find Over 20 Malicious PyPI Packages Designed for Data Theft
- digismak.com ~ Criminals steal data by spoofing popular open source package
- darkreading.com ~ Whack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox
ScreenShots
