Advanced custom wallet stealer, looking for spammers (partnership)


LeaksPlus (RAID-массив, Seller) | Registered: 30.09.2025 | Messages: 77 | Reactions: 24
Hello,
I have an advanced crypted/FUD wallet stealer, custom made and tested in real-world environments on Windows machines (11, 10 and 7); it does not trigger antivirus. I can make it in any file type you need, be it .exe, .pdf, etc.

I am looking for a spammer who can get victims for this and is ready to split the profits. I will make sure the malware is always FUD/crypted and will handle everything on the technical side; I just want someone, anyone, who can spread it, that's it. Please message me on the forum or on Session: 054d7740cf9a9d0dffbc5fb9ce52f038b1ce6e54483805e025a14d05802812c477; Telegram as a last resort if needed. Signal is best (message me via the two contact methods above for my Signal, just an opsec measure).

I am also working on other projects, currently a cookie stealer too, so if you want that, DM me for more information.

The features of this wallet stealer are:
Target Scope and File Handling:

Browsers Targeted: Chrome, Brave, Edge, Vivaldi, Opera, Yandex. The program is designed to extract sensitive data from these browsers, making it a versatile tool for cybercriminals who want to target a wide range of users.

Wallet Applications Targeted: Exodus, Atomic, Trust Wallet, MetaMask, Electrum, Coinomi, Jaxx, WasabiWallet, BlueWallet, Guarda, Coin98, Solflare, Phantom, TronLink, TerraStation, Keplr, Polkadot, Algorand, Avalanche, Harmony, Elrond, Near, Celo, Tezos, Cardano. This extensive list ensures that the tool can exfiltrate data from a broad spectrum of cryptocurrency wallets, increasing its potential impact and value.

File Handling Capabilities: The program can recursively search directories for files with specific extensions (e.g., .json, .dat, .log, .txt, .db, .sqlite, .ldb). It reads, processes, and writes files, making it versatile in handling different types of data storage methods used by browsers and wallet applications.

Encryption and Decryption:

XOR Decryption: The program includes a simple XOR decryption function (decryptString) that can decrypt strings encrypted with a specific XOR key.

Chrome Encryption Key Extraction: For Chrome-based browsers, the program extracts the encryption key from the Local State file. This file contains a base64-encoded encrypted key, which the program decodes and then decrypts using the Data Protection API (DPAPI).

AES-256-GCM Decryption: The program supports decryption of data encrypted with Chrome's encryption scheme using AES-256-GCM. It can handle the initialization vector (IV) and ciphertext to decrypt sensitive data stored by Chrome.

Data Extraction and Processing:

SQLite Database Handling: The program can open and query SQLite databases, which are commonly used by browsers and wallet applications to store sensitive information. It looks for tables with names containing keywords like "wallet," "account," "key," "seed," or "mnemonic" and extracts data from these tables.

Text File Processing: For text files, the program converts the content to lowercase and searches for keywords related to wallet information, such as "seed," "private," "mnemonic," "wallet," "account," "0x," or "bc1." If such keywords are found, the file is processed further, and the data is exfiltrated.

Error Handling and Robustness: The program includes error handling for file operations, network requests, and database queries, ensuring that it can continue operating even if some operations fail.

Data Extraction:

Browser Data: Retrieves encryption keys from browser Local State files (using DPAPI decryption). Decrypts sensitive data (e.g., cookies, passwords) using AES-GCM (Chrome’s encryption method). Searches for SQLite databases (e.g., Login Data, Web Data) and extracts wallet-related tables.

Wallet Data: Scans wallet directories for files (.json, .dat, .db, etc.) containing seeds, private keys, or mnemonics.

Execution Flow:

Fetch system paths (e.g., %LOCALAPPDATA%, %APPDATA%).

Iterate through browser and wallet directories.

Decrypt and parse SQLite databases or raw files for sensitive data.

Stealth Techniques:

Recursive Directory Traversal: Searches all subdirectories for target files.

File Content Analysis: Checks for keywords like seed, private key, mnemonic, or crypto addresses (0x, bc1).

Encryption Bypass: Uses legitimate Windows functions (CryptUnprotectData) to decrypt browser keys.

Impact:
Theft of Cryptocurrency: Targets private keys, seeds, and wallet files.
Browser Data Compromise: Extracts stored credentials, session data, and extensions.
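The execution flow the post describes (read each browser's Local State for the DPAPI-wrapped key, then sweep wallet directories for .json/.dat/.log/.ldb stores) is a behavioural pattern a defender can key on: no legitimate browser opens another browser's Local State, and no wallet application reads a browser's key file. The detection below is an added example written for this page; it is not code from the post or from the seller. It runs over a constructed, hypothetical file-read log (timestamp, pid, image, path per line), and the wallet folder names and browser profile roots are assumed defaults that vary by product version, so a real deployment would take them from the actual endpoint telemetry format and the installed versions.

```python
"""Flag a process that reads browser key material and sweeps wallet stores.

Added detection example, not code from the post. The event lines are a
constructed, hypothetical file-read log; real EDR/Sysmon output has a
different shape and needs its own parser.
"""
import re
from collections import defaultdict
from datetime import datetime

# Chromium-family profile roots for the browsers named in the post
# (assumed default locations under %LOCALAPPDATA% / %APPDATA%).
BROWSER_ROOTS = {
    "chrome": "google\\chrome\\user data",
    "brave": "bravesoftware\\brave-browser\\user data",
    "edge": "microsoft\\edge\\user data",
    "vivaldi": "vivaldi\\user data",
    "opera": "opera software\\opera stable",
    "yandex": "yandex\\yandexbrowser\\user data",
}
# Desktop wallet folders (assumed names; they vary by product version).
WALLET_DIRS = ("\\exodus\\", "\\atomic\\", "\\electrum\\", "\\coinomi\\",
               "\\jaxx\\", "\\walletwasabi\\", "\\bluewallet\\", "\\guarda\\")
# File types the post says the stealer collects from wallet directories.
STORE_EXTS = (".json", ".dat", ".log", ".txt", ".db", ".sqlite", ".ldb")

LINE_RE = re.compile(r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>\S+) read=(?P<path>.+)$")


def parse_event(line):
    """Parse one constructed log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "pid": int(m["pid"]),
            "image": m["image"],
            "path": m["path"].strip().lower().replace("/", "\\")}


def classify(path):
    """Return (browser, kind); kind is 'local_state', 'browser_db', 'wallet_store' or None."""
    for name, root in BROWSER_ROOTS.items():
        if root in path:
            if path.endswith("\\local state"):   # holds the DPAPI-wrapped AES key
                return name, "local_state"
            if path.endswith(("\\login data", "\\web data", "\\cookies")):
                return name, "browser_db"
            return name, None                   # other profile file, ignored
    if any(d in path for d in WALLET_DIRS) and path.endswith(STORE_EXTS):
        return None, "wallet_store"
    return None, None


def detect(lines, window_seconds=60, min_wallet_files=3):
    """One alert per process whose reads fit the stealer pattern within the window.

    Fires when the same process reads Local State of two or more browsers, or
    reads a browser key file plus at least min_wallet_files wallet store files.
    """
    per_pid = defaultdict(lambda: {"image": None, "events": []})
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        browser, kind = classify(ev["path"])
        if kind is None:
            continue
        rec = per_pid[ev["pid"]]
        rec["image"] = ev["image"]
        rec["events"].append((ev["ts"], browser, kind))

    alerts = []
    for pid, rec in per_pid.items():
        evs = sorted(rec["events"], key=lambda e: e[0])
        for i, (t0, _, _) in enumerate(evs):    # slide a time window over the reads
            win = [e for e in evs[i:] if (e[0] - t0).total_seconds() <= window_seconds]
            key_browsers = {b for _, b, k in win if k == "local_state"}
            wallet_files = sum(1 for _, _, k in win if k == "wallet_store")
            reasons = []
            if len(key_browsers) >= 2:
                reasons.append("read Local State of %d browsers: %s"
                               % (len(key_browsers), ", ".join(sorted(key_browsers))))
            if key_browsers and wallet_files >= min_wallet_files:
                reasons.append("read a browser key file and %d wallet store files" % wallet_files)
            if reasons:
                alerts.append({"pid": pid, "image": rec["image"], "reasons": reasons})
                break
    return alerts


# Constructed sample: a browser reading its own files, a benign editor, and a
# dropper doing the sweep the post describes. Paths are illustrative only.
SAMPLE_EVENTS = """\
2025-10-01T09:00:01 pid=4120 image=chrome.exe read=C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Local State
2025-10-01T09:00:02 pid=4120 image=chrome.exe read=C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
2025-10-01T09:00:05 pid=5566 image=notepad.exe read=C:\\Users\\alice\\Documents\\notes.txt
2025-10-01T09:01:10 pid=7788 image=invoice.pdf.exe read=C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Local State
2025-10-01T09:01:11 pid=7788 image=invoice.pdf.exe read=C:\\Users\\alice\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data\\Local State
2025-10-01T09:01:12 pid=7788 image=invoice.pdf.exe read=C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
2025-10-01T09:01:15 pid=7788 image=invoice.pdf.exe read=C:\\Users\\alice\\AppData\\Roaming\\Exodus\\exodus.wallet\\passphrase.json
2025-10-01T09:01:16 pid=7788 image=invoice.pdf.exe read=C:\\Users\\alice\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\000003.log
2025-10-01T09:01:17 pid=7788 image=invoice.pdf.exe read=C:\\Users\\alice\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\000005.ldb
2025-10-01T09:01:18 pid=7788 image=invoice.pdf.exe read=C:\\Users\\alice\\AppData\\Roaming\\Electrum\\config.json
"""


def run_sample():
    return detect(SAMPLE_EVENTS.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On the constructed sample only the dropper (pid 7788) fires, on both rules; chrome.exe reading its own Local State and Login Data stays quiet because it touches one browser and no wallet folder. Extension wallets (MetaMask, Phantom and the others the post lists) live inside the browser profile's extension storage, which a browser legitimately reads, so they are deliberately not counted here; the cross-browser Local State rule is what catches a single process harvesting them across several browsers.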