StealthStalker malware in C++

Greetings. Not too long ago I wrote a piece of malware, a stealer really, to steal data – obviously. I have kept it to myself for some time, but for almost over a year I haven’t worked on it, and I have decided to discontinue its development. Now I don’t want to give up on it completely, but currently I don’t see myself working on it, not in the near future anyway… So this is why I decided to move it to public space; maybe it’s going to be interesting to some people and maybe it will get ported to Linux one day too :P The current version is 0.4.
It has served its purpose for me for what it has been created :)

This was my first real/big C++ project. Keep in mind it isn’t complete and might not work in some weird and rare cases, but as far as I have tested, it never failed.
OK, so, feature list? Yeah, sure. It doesn’t have too many of them; currently it will steal:

  • Skype chat logs and saves them into an HTML file for better viewing
  • Internet Explorer browsing history (read below for details)
  • Opera browsing history
  • Firefox browsing history
  • Chrome browsing history
  • Uploads data to a remote server
  • Saves data locally – can be run from flash drive

When the data is stolen it will be written to a folder structure like so: CURRENT_USER/DATE-TIME/*

Now about some of the features. Skype in my country is almost the primary IM system; it goes side by side with Facebook. Internet Explorer history? Not that no one uses it to browse the web; I implemented it because it was rather fun to manipulate the binary index file and because explorer.exe is heavily based on IE, so the local browsing history gets written to the index file and I can see where you have been going to; I can partially see the file structure on your computer. Opera? Because it’s one of the most popular browsers and was very easy to implement. Firefox because it was also very easy and it is one of the most popular browsers.

Information stealing is easy as well. When the information gets read the stealer puts a control file in the folder of the application with last read milliseconds. On each run the files get read to keep track of what has been read already, since time doesn’t go backwards, you will always get the latest data. On first run everything will be read since there is no control file.
The IE file is read in linear mode, so the results are not sorted by time or otherwise.
Does not require special admin rights and works as it should on Win7 with default UAC settings.
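
From the defender's side, the behaviour described above (a process that is not the owning application reading a profile's data and leaving a control file in the same folder) can be matched in file-access telemetry. The following is an added example, not code from the StealthStalker project; it assumes events have already been reduced to (image, operation, path) tuples, and the folder paths, `tool.exe` and `marker.dat` are assumptions or constructed names that do not appear in the post.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed default per-user data folders (the post does not name them) mapped to
# the executables expected to touch them. Adjust for your own fleet.
PROFILE_OWNERS = {
    r"appdata\roaming\skype": {"skype.exe"},
    r"appdata\local\google\chrome\user data": {"chrome.exe"},
    r"appdata\roaming\mozilla\firefox\profiles": {"firefox.exe"},
    r"appdata\roaming\opera": {"opera.exe"},
    r"appdata\local\microsoft\windows\history": {"iexplore.exe", "explorer.exe"},
}

def owning_folder(path):
    """Return (folder, owners) if path lies inside a watched profile folder."""
    lowered = path.lower()
    for folder, owners in PROFILE_OWNERS.items():
        if "\\" + folder + "\\" in lowered:
            return folder, owners
    return None

def find_foreign_readers(events):
    """events: (image, op, path) tuples with op 'read' or 'write'.
    Flags images that are not a folder's owner yet both read from it and
    wrote into it. Name matching is spoofable; pair it with signer checks."""
    ops_seen = defaultdict(set)
    for image, op, path in events:
        hit = owning_folder(path)
        if hit is None:
            continue
        folder, owners = hit
        if PureWindowsPath(image).name.lower() in owners:
            continue
        ops_seen[(image, folder)].add(op)
    alerts = defaultdict(list)
    for (image, folder), ops in ops_seen.items():
        if {"read", "write"} <= ops:
            alerts[image].append(folder)
    return {image: sorted(folders) for image, folders in alerts.items()}

# Constructed sample events; tool.exe and marker.dat are hypothetical names.
U = r"C:\Users\alice\AppData"
SAMPLE_EVENTS = [
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe", "read", U + r"\Local\Google\Chrome\User Data\Default\History"),
    (r"E:\tool.exe", "read", U + r"\Local\Google\Chrome\User Data\Default\History"),
    (r"E:\tool.exe", "write", U + r"\Local\Google\Chrome\User Data\marker.dat"),
    (r"E:\tool.exe", "read", U + r"\Roaming\Skype\alice\main.db"),
    (r"C:\Program Files\Backup\backup.exe", "read", U + r"\Roaming\Mozilla\Firefox\Profiles\x.default\places.sqlite"),
]
```

Requiring both a read and a write in the same folder keeps read-only tools such as backup agents out of the results; a read-only pass over several profiles by one process is still worth a lower-severity rule.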

In the future I am planning to have a bit more control over everything, more stuff to steal.
On Windows 7 it doesn’t grab data from Chrome or Skype when those programs are running, but it seems to be OK in XP though; I’ll have to implement a UAC bypass some day.

Project has been coded in CodeBlocks because I like that IDE a lot. PHP code to receive data is in the project folder.

Project for viewing and download from the Git repo: https://github.com/kulverstukas1/stealthstalker
