A new Windows trojan dubbed CStealer attempts to steal passwords stored in the Chrome browser. The malware also uses a remote MongoDB server to store the stolen passwords.
As discovered by MalwareHunterTeam, CStealer steals credentials saved in Google Chrome’s password manager.
What is unique about this malware is that CStealer does not send the stolen passwords to a command-and-control (C2) server. Instead, it connects directly to a remote MongoDB database and stores the credentials there.
“While this method ultimately serves its purpose of stealing passwords, it also opens the door for other attackers to gain access to the victim’s credentials,” Lawrence Abrams said in a BleepingComputer blog post.
Because the MongoDB connection credentials are hardcoded in the CStealer binary, anyone who analyzes a sample can retrieve them and gain access to the stolen credentials.
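A stealer that writes directly to a remote database has to carry the database credentials with it, and that is the weakness the article points out. The following is an added triage example, not code from the article or from the malware: it scans a binary blob for a credentialed `mongodb://` URI and reports the user, host and offset with the password redacted, so a defender can block the destination host and report the finding without circulating the credential. The sample blob, the user name and the host `db.example.invalid` are constructed for the example.

```python
import re

# Regex for a MongoDB connection URI that embeds a username and password,
# i.e. the shape a stealer needs if it writes to the database directly.
MONGO_URI_RE = re.compile(
    rb"mongodb(?:\+srv)?://"
    rb"(?P<user>[^:/@\s\x00]+):(?P<password>[^@/\s\x00]+)@"
    rb"(?P<host>[^/?\s\x00]+)"
)


def find_hardcoded_mongo_uris(data: bytes):
    """Return one dict per credentialed MongoDB URI found in `data`.

    The password itself is never returned, only its length, so the
    finding can be shared in a report without leaking the secret.
    """
    findings = []
    for m in MONGO_URI_RE.finditer(data):
        findings.append({
            "offset": m.start(),
            "user": m.group("user").decode("latin-1"),
            "host": m.group("host").decode("latin-1"),
            "password_length": len(m.group("password")),
        })
    return findings


# Constructed sample: a fake executable header followed by an embedded
# credentialed URI and a Chrome "Login Data" path string (not a real sample).
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 32
    + b"mongodb://stealer_user:Hunter2@db.example.invalid:27017/loot\x00"
    + b"Chrome\\User Data\\Default\\Login Data\x00"
)

if __name__ == "__main__":
    for finding in find_hardcoded_mongo_uris(SAMPLE_BLOB):
        print(finding)
```

The scan only catches ASCII strings; Windows binaries often store strings as UTF-16LE, so in practice run the same regex over a decoded wide-string pass as well. The host and port in the finding are the useful output for defenders: they feed an egress block for the database endpoint and a network detection for outbound connections to it from workstations, where a direct MongoDB connection has no legitimate reason to occur.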