SoranoStealer
Sorano (by Alexuiop1337)
| SoranoStealer | dbsc | |
|---|---|---|
| 2 | 2 | |
| 16 | 253 | |
| - | 4.0% | |
| 10.0 | 7.8 | |
| almost 5 years ago | 25 days ago | |
| C# | HTML | |
| - | GNU General Public License v3.0 or later |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
SoranoStealer
Posts with mentions or reviews of SoranoStealer.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2024-04-17.
-
Show HN: Device-Bound Session Tokens in JavaScript
httponly cookies are meant to prevent attacks like XSS by preventing access to them from client-side JS. However, they can still be stolen by malware on the device (there's a whole class of them called "cookie stealers"). Generally, they search through the infected machine's filesystem and pull out any cookies they find, or at least cookies that the attacker would be interested in. No client-side JS is required for this, so the httponly attribute doesn't help. There have also some browser extension-based cookie stealers that may work along similar principles. Take a look at this old open source stealer to get a sense of how they work: https://github.com/Alexuiop1337/SoranoStealer/tree/master/So...
Session-Lock and Chrome's DBSC are designed to combat these cookie stealers specifically. The premise is that even if an attacker exfiltrates the token itself, it would not be able to be used because the server would reject it if it is not signed by the correct private key when the network request is made. This private key can (or should) only exist on the legitimate device, not the attacker's machine. There may or may not be ways to extract the private key as well, but in any event, it would be a much more complicated attack.
-
Russian Phishing campaign targets YouTube creators with cookie theft malware
We have observed that actors use various types of malware based on personal preference, most of which are easily available on Github. Some commodity malware used included RedLine, Vidar, Predator The Thief, Nexus stealer, Azorult, Raccoon, Grand Stealer, Vikro Stealer, Masad (Google’s naming), and Kantal (Google’s naming) which shares code similarity with Vidar. Open source malware like Sorano and AdamantiumThief were also observed. Related hashes are listed in the Technical Details section, at the end of this report.
dbsc
Posts with mentions or reviews of dbsc.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2024-04-17.
What are some alternatives?
When comparing SoranoStealer and dbsc you can also consider the following projects:
Adamantium-Thief - :key: Decrypt chromium based browsers passwords, cookies, credit cards, history, bookmarks, autofill. Version > 80 is supported.