Open Stanley-GF opened 3 years ago
cool, this is my grabber btw.
KSGrabber is entirely your grabber? I presume you're not the one running the malware on people currently, correct?
Feel free to open a PR with any corrections or improvements to the analysis 😉
On Mon, Sep 13, 2021 at 8:26 AM Stanley wrote:
> cool, this is my grabber btw.
btw nightfall didn't make a lot of things, just the antivm etc, and nice malware analysis! 👍
I'll fix any mistakes, send me a dm on Twitter if you'd like proper credit for all that you wrote. I was just going based off of what I read in the code and what I could find online.
Really good analysis overall. However, it doesn't inject the script in the console as you stated but rather in the Discord installation files.
Oh Jesus Christ, I was extremely tired when I wrote the full analysis and thought it was injecting it into the dev console. I truly appreciate you reading through it all and finding that mistake; I don't know how I read the console.writeline as hooking Electron to inject code into the web console. I'll alert everyone to nuke their client and reinstall.
Will make updates later with credits to you for my blunder.
Ahah np, but don't credit me, credit Stanley, it's his method. Also, to be more precise, the "Minecraft stealing" part is just getting session tokens, so if they just relaunch their game it'll change.
Bytix the Minecraft expert 😏
do u have discord btw ?
Yeah feel free to add masamesa#0608
that's not the full code or your full discord tag @masamesa
Pretty sure piratestealer has been updated since then, so this is for sure not up to date.
GitHub removed the first 0 in my tag due to it thinking I was referencing an issue. My tag is masamesa# 0608.