CStealer Trojan Steals Passwords from Chrome, Sends Them to Remote Database

CStealer is a new Trojan targeting Windows machines that tries to steal passwords stored in Google Chrome.

Of course, this is not the first case of such a Trojan being detected in the wild. However, what is new here is the fact that CStealer utilizes a remote MongoDB database to stash the stolen passwords.




The malware was discovered by MalwareHunterTeam and analyzed by a cybersecurity researcher known as James.

CStealer – Technical Overview

What sets this password-stealing Trojan apart from similar threats is that it uploads the passwords harvested from Chrome to a remote MongoDB database. The usual behavior of such a Trojan would be to compile the stolen data into a file and then send it to a command-and-control server controlled by the malware operators.


How does the communication with the MongoDB database take place?
CStealer includes hardcoded MongoDB credentials and uses the MongoDB C driver as a client library to connect to the database. Cybersecurity researcher James tested this and concluded that when the Trojan harvests Chrome passwords, it connects to the remote database to store them there for later retrieval.

This technique does serve the purpose of stealing passwords, but at the same time it creates an opportunity for other attackers to gain access to the stolen credentials. In fact, anyone analyzing the Trojan can retrieve the hardcoded credentials and use them to obtain access to the stolen data.
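
For triage, a suspect file can be checked for the pattern described above: a MongoDB connection string with embedded credentials next to signs of the MongoDB C driver. The following is an added example, not code from the article or from the researchers; the sample bytes are constructed, and treating the substrings `mongoc` and `libbson` as driver markers is an assumption.

```python
import re

# user:password@host inside a MongoDB connection URI (printable ASCII only).
_USER = rb"[^\x00-\x20\x7f-\xff/@:]{1,128}"
_PASS = rb"[^\x00-\x20\x7f-\xff/@]{1,128}"
_HOST = rb"[A-Za-z0-9.\-:,\[\]]{1,255}"
URI_RE = re.compile(rb"(mongodb(?:\+srv)?://" + _USER + rb":)" + _PASS + rb"(@" + _HOST + rb")")
# Runs of UTF-16LE text: printable byte + NUL, at least 8 characters long.
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")
# Assumption: these substrings indicate a linked MongoDB C driver.
DRIVER_MARKERS = (b"mongoc", b"libbson")


def _views(data: bytes):
    """Yield the raw bytes, then each wide string narrowed to ASCII."""
    yield data
    for m in WIDE_RE.finditer(data):
        yield m.group()[::2]


def scan(data: bytes) -> dict:
    """Report embedded MongoDB URIs with credentials, passwords redacted."""
    uris = set()
    for view in _views(data):
        for m in URI_RE.finditer(view):
            uris.add((m.group(1) + b"<redacted>" + m.group(2)).decode("ascii"))
    markers = sorted(mk.decode() for mk in DRIVER_MARKERS if mk in data)
    return {"uris": sorted(uris), "driver_markers": markers,
            "suspicious": bool(uris) and bool(markers)}


# Constructed sample: fake PE header bytes, a driver marker, one ASCII URI
# and one UTF-16LE URI. Hosts and credentials are made up.
SAMPLE = (b"MZ\x90\x00" + b"mongoc\x00"
          + b"mongodb://svc_user:S3cr3t!@db.example.invalid:27017/logs\x00"
          + "mongodb+srv://u2:pw2@cluster.example.invalid".encode("utf-16-le")
          + b"\x00\x00")

if __name__ == "__main__":
    for key, value in scan(SAMPLE).items():
        print(key, value)
```

The report keeps the user name and host, which are useful for blocking and hunting, while the password never leaves the scanner.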

NOTE. If you suspect that you have been infected by CStealer, you can refer to our CStealer removal guide.

Milena Dimitrova
