Detect credential stealer using sqlite3 #232
Definition: Malware can collect credentials from browser files using sqlite3.

Source: https://blog.cyble.com/2023/05/03/new-kekw-malware-variant-identified-in-pypi-package-distribution/

Sample:

Other stealers such as W4sp stealer and the reols package.

See also: https://www.virustotal.com/gui/file/f1fed89b8db4855ff9adbb517b21f136ccc359c4caba2852e57994773501128a from https://github.com/ditekshen/detection:

Also often coupled with win32crypt.CryptUnprotectData, e.g.

Comments

Seems related to #159, is it a duplicate or does it make sense to keep both?

Oh I missed that one. I think we can merge them in one issue. Any objection?

let's do it!
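The indicators the issue lists (sqlite3 opened on a browser credential store, a query over the Chromium logins table, and win32crypt.CryptUnprotectData to decrypt the stored blobs) can be checked together with an AST scan of a package's source. The block below is an added example written for this page, not the project's own rule or the rule that was eventually merged; the indicator lists, the constructed STEALER_SAMPLE and BENIGN_SAMPLE inputs, and the Findings and scan_source names are assumptions made for the example.

```python
"""Heuristic scan for the browser credential-stealer pattern described in the
issue: sqlite3 opened on a browser credential database, a query over the
Chromium 'logins' table, and win32crypt.CryptUnprotectData to decrypt the
stored blobs. Added example; not the project's own rule."""
import ast
from dataclasses import dataclass, field

# Indicator lists are assumptions for this example, not the project's rule.
# File names of browser credential/cookie stores (Chromium and Firefox).
BROWSER_DB_NAMES = ("login data", "web data", "cookies.sqlite", "logins.json")
# SQL fragments that read Chromium's credential and cookie tables.
CREDENTIAL_SQL = ("from logins", "password_value", "encrypted_value", "from cookies")


@dataclass
class Findings:
    """Line numbers at which each indicator was seen."""
    sqlite_connect: list = field(default_factory=list)
    browser_db_strings: list = field(default_factory=list)
    credential_queries: list = field(default_factory=list)
    crypt_unprotect: list = field(default_factory=list)

    @property
    def is_stealer(self) -> bool:
        # Require the database handle, a browser DB path and either the
        # decryption call or a credential query; a lone sqlite3.connect is benign.
        return bool(self.sqlite_connect and self.browser_db_strings
                    and (self.crypt_unprotect or self.credential_queries))


def _collect_aliases(tree: ast.AST) -> dict:
    """Map bound names to qualified names so 'import sqlite3 as db' and
    'from win32crypt import CryptUnprotectData as dec' are still matched."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                top = a.name.split(".")[0]
                aliases[a.asname or top] = a.name if a.asname else top
        elif isinstance(node, ast.ImportFrom):
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module or ''}.{a.name}"
    return aliases


def _qualified_name(node: ast.AST, aliases: dict):
    """Resolve the callee of a Call node (a Name or a dotted Attribute chain)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    parts.append(aliases.get(node.id, node.id))
    return ".".join(reversed(parts))


def _note(lines: list, lineno: int) -> None:
    """Record a line number once per indicator."""
    if lineno not in lines:
        lines.append(lineno)


def scan_source(source: str) -> Findings:
    """Parse Python source and record every indicator with its line number."""
    tree = ast.parse(source)
    aliases = _collect_aliases(tree)
    f = Findings()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _qualified_name(node.func, aliases)
            if name == "sqlite3.connect":
                _note(f.sqlite_connect, node.lineno)
            elif name == "win32crypt.CryptUnprotectData":
                _note(f.crypt_unprotect, node.lineno)
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            low = node.value.lower()
            if any(n in low for n in BROWSER_DB_NAMES):
                _note(f.browser_db_strings, node.lineno)
            if any(n in low for n in CREDENTIAL_SQL):
                _note(f.credential_queries, node.lineno)
    return f


# Constructed sample in the shape the issue describes (not a real package).
# The browser keeps the database locked, so the file is copied before opening.
STEALER_SAMPLE = '''
import os, shutil, sqlite3
import win32crypt
p = os.path.join(os.environ["LOCALAPPDATA"], "Google", "Chrome", "User Data", "Default", "Login Data")
shutil.copy2(p, "tmp.db")
conn = sqlite3.connect("tmp.db")
for url, user, pw in conn.execute("SELECT origin_url, username_value, password_value FROM logins"):
    clear = win32crypt.CryptUnprotectData(pw, None, None, None, 0)[1]
'''

# Constructed benign sample: sqlite3 on its own must not trigger.
BENIGN_SAMPLE = '''
import sqlite3
conn = sqlite3.connect("inventory.db")
rows = conn.execute("SELECT sku, qty FROM stock").fetchall()
'''

if __name__ == "__main__":
    for label, src in (("stealer", STEALER_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, scan_source(src))
```

Requiring the indicators to co-occur keeps ordinary sqlite3 use out of the results, which is the false-positive risk a rule keyed on sqlite3 alone would carry. The check is still only a heuristic: string obfuscation, building the path from pieces, or a stealer that parses the database file without sqlite3 all evade it, so a production rule should match the strings and the decryption call more loosely and treat a hit as a signal for review rather than a verdict.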