The malware along with the source code is available here https://github.com/cipher1234/PassStealer . This malware steals your saved browser password and sends to a remote server . First let me tell a little bit about how browsers saved passwords . The malware steals firefox passwords so I am going to focus on firefox (linux)
Firefox stores the password in a file logins.json inside a hidden directory called .mozilla in your home directory . The file logins.json is inside a random directory . The directory is something like this: xxxxxxx.default. The juicy stuffs inside logins.json is encrypted . The key is stored inside a database file called key4.db
Download the code from github. There you will find a python script file . You need to add a valid website to the the source file and a php script that can fetch post data and write it into a file . The malware can work in linux and windows . If you do the steps correctly you will see something like this . I modified the stuffs but this is the format
Happy hacking!!
