CStealer is a Trojan targeted at Windows systems. The malicious application was designed to steal passwords from Google Chrome browsers. According to cybersecurity experts, there are plenty of similar password stealers that can obtain a victim’s login credentials. Nonetheless, this malicious application is slightly unusual as it uses a MongoDB database to store stolen sensitive information. Apparently, this may allow other hackers who may gain the malware’s copy to retrieve stolen passwords from the database for themselves. Thus, if you end up receiving this malicious application, passwords stored on your Google Chrome could be exposed not just to the threat’s developers but also to other hackers who could obtain the Trojan’s copy. Consequently, we advise taking immediate action if you learn that this malicious application infected your computer. Also, we recommend removing CStealer as fast as possible. To learn how to erase it as well as more about its working manner, we invite you to read our full article.
Trojans like CStealer can appear on your system uninvited and when you least expect it. They can travel in disguise, which means their victims might be tricked into opening their launchers without realizing that they are harmful. Often users receive malicious launchers with Spam emails or other messages from senders they do not know. Such messages might claim they carry an important file or a link that a user might be asked to open immediately.
Of course, instead of launching data received from someone you do not know, even if the sender claims to be working for a reputable company, you should scan the attachment with a reputable antimalware tool to learn whether it is malicious or not. As for links, we recommend checking if there is nothing suspicious about such content. Perhaps, the URL address seems to be incorrect or has random symbols, numbers, and so on? If so, the link might be harmful, and it could redirect you to a malicious site instead of leading you to a legit website. Opening malicious files or links could result in you receiving a Trojan or another malicious application, so it is best never to let your guard down.
The sample tested by or specialists did not work correctly, which is why CStealer did not steal any passwords from our test machine. However, our researchers say that working installers might record passwords from Windows users who store their login credentials on Google Chrome’s password manager. The Trojan does so by exploiting a specific function of the mentioned application. Cybersecurity specialists say that it is not something that can be patched as the function that might be utilized is an intended function that is needed for the tool to work. Thus, this is not one of the cases when a threat gets in or manages to do damage by exploiting unpatched vulnerabilities or weaknesses alike.
Knowing that CStealer is not the first and probably not the last threat that targets passwords saved on Google Chrome, you may want to search for another way to save your passwords so you would not forget them if you do not want to put your passwords and accounts that they protect at risk. Instead, you could use a dedicated password manager. Such a tool would be more challenging to hack, so it might be safer to store passwords on a dedicated password manager instead of using a tool that is integrated into your browser. Of course, if you find CStealer on your computer, you should take extra precautions first and leave the question of how to protect your saved passcodes for later.
As said earlier, if the Trojan steals passwords from a victim’s browser, it should upload them on a MongoDB database. The login credentials of this database seem to be hardcoded into the malware, which makes it might be possible for anyone who gains a copy of the malware to possibly obtain them, log into the database, and gain access to the Trojan’s stolen passwords. As a consequence, passwords of the malware’s victims might be exposed to lots of different people. Thus, if you learn that CStealer took your credentials, we advise changing passcodes of all of your compromised accounts at once. It is the best way to ensure that hackers who may have your passwords will not be able to misuse them. Needless to say that this time, we highly recommend storing your new passwords on a dedicated password manager instead of your browser.
Since our sample of the Trojan did not work correctly, we could not prepare manual deletion instructions. In this case, we recommend erasing CStealer with an antimalware tool. If you have no idea where to start, you could follow the instructions located below.