If you see this in a config, DO NOT DOWNLOAD.

[212]

"I'm not even gonna lie, this is a genius way to do this,"

this isn't new or genius at all. this has been used in many ways since nearly the beginning. using statements for redirection. renaming variables to look less sketchy. encoding urls and passing them to logging sites or to dl clippers. just goes to show people should actually pay attention to what it is they use.

[211]

"I'm not even gonna lie, this is a genius way to do this,"

this isn't new or genius at all. this has been used in many ways since nearly the beginning. using statements for redirection. renaming variables to look less sketchy. encoding urls and passing them to logging sites or to dl clippers. just goes to show people should actually pay attention to what it is they use.

Using the word genius as a replacement for smart, i didn't mean legitimately genius.

---

Holy, what a find, possible to maybe get the malicous config finder tool updated to get it to remove this aswell?

I will try to get this developed.

[1.563]

I always suggest everyone to deeply analyze any config he get even if config from his trustworthy friend, In this way he will not only identify stealers but also learn many ways how professionals makes configs!

Linkedin Learning Private Library Account!

Telegram Channel

Discord Server!

[2.414]

Any time you see this in a config, it is executing a stealer. I had this happen to me and when we sat there and looked at what it did, we came back to this:
https://github.com/w4sp-book/w4sp-lab

This is what it led back to.

It will look like this:


Or very similar.

I'm not even gonna lie, this is a genius way to do this, but once you run the config it (somehow) spreads to all your other configs. When you send them to anyone, the process starts again. As it is a stealer, it will steal your information. And this is one of the many reasons i suggest running configs on an RDP.

This is similar to the malicious API thing, but smarter as most people won't recognize it as anything.

Thanks for letting me know , i didnt get this config yet , what actaully it doing ?

==========
Telegram Channel
https://t.me/shieldteam1
===========

[211]

Any time you see this in a config, it is executing a stealer. I had this happen to me and when we sat there and looked at what it did, we came back to this:
https://github.com/w4sp-book/w4sp-lab

This is what it led back to.

It will look like this:


Or very similar.

I'm not even gonna lie, this is a genius way to do this, but once you run the config it (somehow) spreads to all your other configs. When you send them to anyone, the process starts again. As it is a stealer, it will steal your information. And this is one of the many reasons i suggest running configs on an RDP.

This is similar to the malicious API thing, but smarter as most people won't recognize it as anything.

Thanks for letting me know , i didnt get this config yet , what actaully it doing ?

Using chromedriver to rat you is about the simplest way I can put it lol.