@7N7:
yearly maldev bug in my brain is calling my name
@7N7:
I'm working on a Windows stealer. It will be open-sourced soon, like the Mac one last year. It is interesting how the most effective method for decrypting browser data nowadays requires you to inject a DLL into the browser process itself.
Necromancer (@ZeroMemoryEx):
@7N7 Damn, too many things waiting for you down there; it almost gave me brain damage.
[attached image]
Necromancer (@ZeroMemoryEx):
@7N7 Yeah, it's a lot of effort since you have to handle both ABE and the classic one. In ABE, some maldevs focus on stealth while others don't, because the browser closes and users notice. I can share what I did if you're interested, or you can figure it out yourself if you like challenges.
@7N7:
From what I've figured out till now, the easiest way to go about ABE is:
1. Check if the browser process is running.
2a. Not running? Run it in headless mode.
2b. Running? Proceed.
3. Open a COM pipe.
4. Inject a DLL (this black magic: github.com/xaitax/Chrome-…).
5a. Does the file we want to exfil data from have a lock on it? v10, proceed with the old decryption.
5b. No lock? Decrypt the data in the DLL we injected earlier and send it back via a pipe.
If you have a better idea, my Signal is pinned. Since this stuff has changed quite a bit since the last time I did anything near Windows malware, I'd love to hear about it :)
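The procedure in the post above leaves a recognisable footprint from the defender's side: a browser process loads a DLL from a path the browser never ships from, a foreign process creates a thread in it, and the browser then talks over a named pipe it would not normally use. The following detection sketch is an added example, not code from the thread or from the linked project. It runs over a few constructed Sysmon-style records (the event IDs 7, 8 and 18 are Sysmon's real Image Loaded, CreateRemoteThread and Pipe Connected events, but the pipe-separated line format, the trusted-path list and every path, PID and pipe name are our own assumptions) and raises an alert per browser PID, escalating only when several indicators coincide.

```python
"""Detection sketch: DLL injected into a browser process plus named-pipe callback.

Input is a handful of CONSTRUCTED Sysmon-like records (not real telemetry).
Event IDs follow Sysmon (7 = Image loaded, 8 = CreateRemoteThread,
18 = Pipe connected); the key=value|key=value line format is our own.
"""
from collections import defaultdict

BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe"}

# Assumed allow-list of locations a browser legitimately loads DLLs from.
# A real deployment would derive this from the installed browser's image path.
TRUSTED_DLL_PREFIXES = (
    r"c:\windows\system32",
    r"c:\program files\google\chrome",
    r"c:\program files (x86)\microsoft\edge",
)

# Constructed sample log, one event per line, fields separated by '|'.
SAMPLE_LOG = r"""
id=7|pid=4120|proc=chrome.exe|image=c:\windows\system32\ntdll.dll|signed=true
id=7|pid=4120|proc=chrome.exe|image=c:\users\alice\appdata\local\temp\abe_helper.dll|signed=false
id=8|src_proc=updater.exe|src_pid=5560|target_proc=chrome.exe|target_pid=4120
id=18|pid=4120|proc=chrome.exe|pipe=\\.\pipe\abe_decrypt
id=7|pid=3001|proc=chrome.exe|image=c:\program files\google\chrome\application\chrome_elf.dll|signed=true
"""


def parse_events(text):
    """Turn the pipe-separated key=value lines into a list of dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        events.append(dict(kv.split("=", 1) for kv in line.split("|")))
    return events


def is_trusted_path(path):
    """True when the DLL sits under one of the allow-listed directories."""
    p = path.lower()
    return any(p.startswith(prefix) for prefix in TRUSTED_DLL_PREFIXES)


def detect(events):
    """Collect per-browser-PID indicators and grade each PID by how many coincide."""
    findings = defaultdict(list)  # browser pid -> indicator descriptions
    for ev in events:
        eid = ev.get("id")
        if eid == "7" and ev.get("proc", "").lower() in BROWSERS:
            # Unsigned or out-of-place module inside a browser process.
            if not is_trusted_path(ev["image"]) or ev.get("signed") != "true":
                findings[ev["pid"]].append(f"untrusted DLL loaded: {ev['image']}")
        elif eid == "8" and ev.get("target_proc", "").lower() in BROWSERS:
            # Remote thread created in a browser by something that is not the browser.
            if ev.get("src_proc", "").lower() not in BROWSERS:
                findings[ev["target_pid"]].append(
                    f"remote thread from {ev['src_proc']} (pid {ev['src_pid']})"
                )
        elif eid == "18" and ev.get("proc", "").lower() in BROWSERS:
            # Browsers use named pipes for their own IPC, so on its own this is noise;
            # it only matters when it coincides with the indicators above.
            findings[ev["pid"]].append(f"named pipe connect: {ev['pipe']}")

    alerts = []
    for pid, indicators in findings.items():
        severity = "high" if len(indicators) >= 2 else "low"
        alerts.append({"pid": pid, "severity": severity, "indicators": indicators})
    return alerts


def run_demo():
    """Run the detector over the constructed sample and return its alerts."""
    return detect(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_demo():
        print(f"[{alert['severity'].upper()}] browser pid {alert['pid']}")
        for ind in alert["indicators"]:
            print(f"    - {ind}")
```

On the sample, PID 4120 collects all three indicators and is graded high, while PID 3001 (a signed module from the browser's own install directory) produces nothing. The allow-list and the "two or more indicators" threshold are deliberately simple; in production the path check would be replaced by verifying the module's signer and the pipe check scoped to pipe names the browser is not known to create.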