Title: New Chrome Password Stealer Sends Stolen Data to a MongoDB Database
Date: Monday December 02 2019, @09:07PM
Author: janrinok
from the who-controls-the-database? dept.
Submitted via IRC for SoyCow1337
A new Windows trojan has been discovered that attempts to steal passwords stored in the Google Chrome browser. While this is nothing unique, what stands out is that the malware uses a remote MongoDB database to store the stolen passwords.
This trojan is called CStealer, and like many other info-stealing trojans, was created to target and steal login credentials that were saved in Google Chrome's password manager.
[...] Instead of compiling the stolen passwords into a file and sending them to a C2 under the attackers' control, the malware connects directly to a remote MongoDB database and uses it to store the stolen credentials. To do this, the malware includes hardcoded MongoDB credentials and utilizes the MongoDB C Driver as a client library to connect to the database.
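A triage sketch for the technique described above, added here as an example and not taken from the article or the malware: it scans a sample's raw bytes for MongoDB connection URIs that embed credentials, in both ASCII and UTF-16LE string encodings. It assumes the hardcoded credentials sit in a `mongodb://user:pass@host` URI string, the form the MongoDB C Driver accepts; the page does not say how CStealer stores them, and the function names and sample bytes are constructed.

```python
import re

# mongodb://user:pass@host[:port] or mongodb+srv://..., matched over raw bytes.
# User and password are limited to printable, non-delimiter bytes.
URI_RE = re.compile(
    rb"mongodb(?:\+srv)?://([^\x00-\x20\x7f-\xff:@/]+):([^\x00-\x20\x7f-\xff@/]+)"
    rb"@([A-Za-z0-9.\-]+(?::\d{1,5})?)"
)

def _utf16le_to_ascii(data):
    """Collapse runs of UTF-16LE-encoded ASCII (c\\x00c\\x00...) to plain ASCII."""
    return re.sub(rb"(?:[\x20-\x7e]\x00){8,}", lambda m: m.group(0)[::2], data)

def find_mongodb_uris(data):
    """Return credential-bearing MongoDB URIs found in a binary blob."""
    hits, seen = [], set()
    for encoding, view in (("ascii", data), ("utf-16le", _utf16le_to_ascii(data))):
        for m in URI_RE.finditer(view):
            user, password, host = (g.decode("ascii", "replace") for g in m.groups())
            if (user, host) in seen:
                continue  # already reported from the ASCII pass
            seen.add((user, host))
            hits.append({
                "encoding": encoding,
                "user": user,
                "host": host,
                # Keep the secret out of reports; record only its length.
                "password_len": len(password),
            })
    return hits

# Constructed sample bytes (not from any real binary): one ASCII URI with
# credentials, one UTF-16LE URI with credentials, one URI without credentials.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"mongodb://svc_user:ExamplePass123@db.example.invalid:27017/logs\x00"
    + b"\xde\xad\xbe\xef"
    + "mongodb+srv://reader:pw@cluster0.example.invalid/test".encode("utf-16le")
    + b"\x00\x00"
    + b"mongodb://localhost:27017/nocreds\x00"
)

if __name__ == "__main__":
    for hit in find_mongodb_uris(SAMPLE):
        print(hit)
```

A hit identifies the database host and account to report to the hosting provider and to block at egress; outbound connections from workstations to MongoDB's default port 27017 are a complementary network-side signal.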
printed from SoylentNews, New Chrome Password Stealer Sends Stolen Data to a MongoDB Database on 2024-04-25 20:04:58