
SoylentNews is people

posted by janrinok on Monday December 02 2019, @09:07PM
from the who-controls-the-database? dept.

Submitted via IRC for SoyCow1337

New Chrome Password Stealer Sends Stolen Data to a MongoDB Database

A new Windows trojan has been discovered that attempts to steal passwords stored in the Google Chrome browser. While this is nothing unique, what stands out is that the malware uses a remote MongoDB database to store the stolen passwords.

This trojan is called CStealer, and like many other info-stealing trojans, was created to target and steal login credentials that were saved in Google Chrome's password manager.

[...] Instead of compiling the stolen passwords into a file and sending them to a C2 under the attackers' control, the malware connects directly to a remote MongoDB database and uses it to store the stolen credentials. To do this, the malware includes hardcoded MongoDB credentials and utilizes the MongoDB C Driver as a client library to connect to the database.
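
For triage of a suspected sample, the hardcoded credentials described above suggest one concrete check: search the binary's printable strings for MongoDB connection strings and record the host as a network indicator, with the password masked. This is an added example, not code from the article or from any analysis of CStealer; it assumes the credentials are stored as a standard `mongodb://` URI (the story does not say how they are embedded), and the function names and sample bytes are constructed for illustration.

```python
import re

# Printable runs, 8-bit ASCII and UTF-16LE ("wide"), as a strings pass finds them.
ASCII_RUN = re.compile(rb"[\x21-\x7e]{12,}")
WIDE_RUN = re.compile(rb"(?:[\x21-\x7e]\x00){12,}")

# MongoDB connection-string layout: scheme://[user[:password]@]host[,host...][/db]
MONGO_URI = re.compile(
    r"(?P<scheme>mongodb(?:\+srv)?)://"
    r"(?:(?P<user>[^:@/\s]+)(?::(?P<pw>[^@/\s]*))?@)?"
    r"(?P<hosts>[^/?\s\"']+)"
    r"(?:/(?P<db>[^?\s\"']*))?"
)

def printable_strings(blob: bytes):
    """Yield ASCII runs first, then wide-character runs decoded to text."""
    for m in ASCII_RUN.finditer(blob):
        yield m.group().decode("ascii")
    for m in WIDE_RUN.finditer(blob):
        yield m.group().decode("utf-16le")

def find_mongo_uris(blob: bytes) -> list[dict]:
    """Return embedded MongoDB URIs; the password is masked, never returned."""
    findings = []
    for text in printable_strings(blob):
        for m in MONGO_URI.finditer(text):
            uri, pw = m.group(), m.group("pw")
            if pw is not None:
                uri = uri.replace(f":{pw}@", ":***@", 1)
            findings.append({
                "hosts": m.group("hosts").split(","),
                "user": m.group("user"),
                "database": m.group("db") or None,
                "has_password": pw is not None,
                "redacted_uri": uri,
            })
    return findings

# Constructed sample bytes (not taken from any real malware).
SAMPLE = (
    b"MZ\x90\x00\x03\x00"
    b"mongodb://stealer:S3cret%21@db.example.invalid:27017/loot\x00"
    b"\x90\x90"
    + "mongodb+srv://u2:pw@cluster0.example.invalid/test".encode("utf-16le")
    + b"\x00\x00"
)

if __name__ == "__main__":
    for finding in find_mongo_uris(SAMPLE):
        print(finding)
```
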


  • (Score: 2) by Thexalon on Monday December 02 2019, @09:17PM (3 children)

    by Thexalon (636) on Monday December 02 2019, @09:17PM (#927345)

    Mongo only pawn in game of life.

    But really, I'm not sure how this would make it harder to figure out who's responsible. Mongo is an application. It runs on a server somewhere. Somebody controls that server. That somebody is either another victim who's been pwned and is controlled by somebody else, or is the bad guy.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 0) by Anonymous Coward on Monday December 02 2019, @09:21PM (1 child)

      by Anonymous Coward on Monday December 02 2019, @09:21PM (#927350)

      Candygram!

      • (Score: 0) by Anonymous Coward on Monday December 02 2019, @09:25PM

        by Anonymous Coward on Monday December 02 2019, @09:25PM (#927353)

        More beans anyone?

    • (Score: 4, Interesting) by sjames on Monday December 02 2019, @09:30PM

      by sjames (2882) on Monday December 02 2019, @09:30PM (#927358) Journal

      Sounds like time to either delete the database or pack it with chaff.

  • (Score: 3, Funny) by sjames on Monday December 02 2019, @09:26PM (1 child)

    by sjames (2882) on Monday December 02 2019, @09:26PM (#927355) Journal
    n/t
    • (Score: 0) by Anonymous Coward on Tuesday December 03 2019, @01:10PM

      by Anonymous Coward on Tuesday December 03 2019, @01:10PM (#927604)

      I came here SPECIFICALLY for this.

      Thank you.

      For the uninitiated:
      https://www.youtube.com/watch?v=HdnDXsqiPYo [youtube.com]

  • (Score: 5, Funny) by theluggage on Monday December 02 2019, @09:54PM (1 child)

    by theluggage (1797) on Monday December 02 2019, @09:54PM (#927369)

    Fuck that. If my login credentials are stolen I want them kept in a proper ACID compliant database with enforced referential integrity and SQL support. You may think it will do for now, but wait until you hack more of my accounts and need to set up a many-to-one relationship with the make of my first car and you'll wish you'd just used PostgreSQL from the start.

    I suppose they hacked it all together in some trendy crap like node.js or Python too - well, don't come crying to me if you can't clean out my bank account because the rainbow table library you used got pulled from the repository.

    rant = join([ f"{k}! get off my lawn!" for k in lawn if k['age'] < 36])

    (Or should that be "Old man shouts at The Cloud"?)

    • (Score: 0) by Anonymous Coward on Monday December 02 2019, @10:34PM

      by Anonymous Coward on Monday December 02 2019, @10:34PM (#927390)

      I'm 37.
      What?
      I'm 37. I'm not old.
      Well I can't just call you "man".

  • (Score: 0) by Anonymous Coward on Monday December 02 2019, @10:18PM

    by Anonymous Coward on Monday December 02 2019, @10:18PM (#927380)

    I heard earlier today Netflix had discovered a way to stream videos offline. No hackers can get in then.

  • (Score: 0) by Anonymous Coward on Monday December 02 2019, @10:21PM

    by Anonymous Coward on Monday December 02 2019, @10:21PM (#927383)

    Did you say,

    A new Windows trojan

    ???

    Hardly news, then.
