(IMPORTANT) Informations regarding CLEO Keyloggers

0x688

#1
sup' ugbase.
For some weeks / months CLEO keyloggers have been getting more popular; therefore, some CLEOs here might be infected (new ones).

Poor people integrate keyloggers into their CLEOs to profit from accounts; they usually log in-game information, but it won't take long before they go with a global logger.

So far, one "bigger" Site is known and it is kat.cmhost.ru.

So, how to detect / how to stop it from stealing your stuff?

How to block the poor Stealer:
Go to C:\Windows\System32\drivers\etc and open your hosts file.
In this one you should see something like this:
Code:
127.0.0.1       localhost
If not, that's not a problem; you can just move on.
Now, just add the following after this line (or on a new line):
CLICK HERE FOR THE LIST

This will redirect these calls to your localhost (therefore into nothing).

They may be using some other URL, or direct IP access, but for now it blocks some of these keyloggers.

How to detect them:
Even if crypted or anything, you can detect them, as they need to make an outside call.
Just start a basic packet sniffer like Wireshark; it monitors all the packets sent, and mostly they are sent through HTTP, so you can detect them easily.
If you find some, I'll update this list.


We (the ugbase team) try our best to keep these CLEOs away from our section(s).


Good day, and fun doing whatever you normally do.
Also thanks to guys like m1zg4rd who made me aware of the current situation.
People who contributed to the list: m1zg4rd, Hidend.
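
The hosts-file check described in the post above, as an added example that is not part of the original post: it reports which blocklisted domains are already redirected, which are pinned to some other address, and which still need a line. `logger.example` and `other.example` are constructed names; only kat.cmhost.ru comes from the thread.

```python
import ipaddress

# The only domain named in the thread; extend with the linked list's entries.
BLOCKLIST = ["kat.cmhost.ru"]

def parse_hosts(text):
    """Map each hostname in hosts-file text to the address it is pinned to."""
    mapping = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(fields) < 2:
            continue                               # blank or malformed line
        for name in fields[1:]:                    # one line may carry several names
            # Assumption: the resolver honours the first entry for a name.
            mapping.setdefault(name.lower().rstrip("."), fields[0])
    return mapping

def is_sinkhole(addr):
    """True for loopback (127.0.0.1, ::1) or unspecified (0.0.0.0) addresses."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def audit(hosts_text, blocklist=BLOCKLIST):
    """Sort blocklist domains into blocked / wrong_target / missing."""
    mapping = parse_hosts(hosts_text)
    result = {"blocked": [], "wrong_target": [], "missing": []}
    for domain in (d.lower() for d in blocklist):
        addr = mapping.get(domain)
        state = "missing" if addr is None else "blocked" if is_sinkhole(addr) else "wrong_target"
        result[state].append(domain)
    return result

def lines_to_add(result):
    """Hosts-file lines, in the post's format, for domains not yet redirected."""
    return ["127.0.0.1       " + d for d in result["missing"]]

# Constructed sample: the one entry for the thread's domain is commented out.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
# 127.0.0.1     kat.cmhost.ru
10.0.0.5        logger.example      # constructed name, not from the thread
0.0.0.0         Other.Example
"""

if __name__ == "__main__":
    print(audit(SAMPLE_HOSTS, BLOCKLIST + ["logger.example", "other.example"]))
```

A domain reported as `wrong_target` already has a hosts entry pointing somewhere other than the local machine, which is worth checking by hand before adding a second line.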
 
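
The detection idea from the post above (watch for plaintext HTTP calls leaving the machine), as an added example that is not part of the original post: it takes TCP payloads already captured by a sniffer and flags requests to a blocklisted Host or addressed by bare IP, the case the hosts file cannot cover. The payloads, addresses and paths are constructed.

```python
import ipaddress

BLOCKLIST = {"kat.cmhost.ru"}   # the only domain named in the thread
METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ")

def parse_host(payload):
    """Host header of a plaintext HTTP/1.x request ('' if absent), else None."""
    if not payload.startswith(METHODS):
        return None                               # TLS, FTP, game traffic...
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    if not lines[0].rsplit(" ", 1)[-1].startswith("HTTP/1."):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip().lower()
    return ""

def is_ip(text):
    try:
        ipaddress.ip_address(text.strip("[]"))
    except ValueError:
        return False
    return True

def classify(payload):
    """Reason to look closer at an outbound request, or None."""
    host = parse_host(payload)
    if host is None:
        return None
    name = host if is_ip(host) else host.rsplit(":", 1)[0]   # drop :port
    if any(name == d or name.endswith("." + d) for d in BLOCKLIST):
        return "blocklisted host"
    if not name or is_ip(name):   # no name lookup, so a hosts entry cannot stop it
        return "addressed by IP"
    return None

def scan(packets):
    """packets: (dst_ip, tcp_payload) pairs -> [(dst_ip, reason)] for flagged ones."""
    return [(ip, r) for ip, p in packets if (r := classify(p))]

# Constructed payloads: documentation addresses, made-up paths.
SAMPLE = [
    ("203.0.113.10", b"POST /x HTTP/1.1\r\nHost: kat.cmhost.ru\r\n\r\na=1"),
    ("198.51.100.7", b"GET /x?a=1 HTTP/1.1\r\nHost: 198.51.100.7:8080\r\n\r\n"),
    ("192.0.2.20", b"GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n"),
    ("192.0.2.30", b"\x16\x03\x01\x00\x05hello"),   # TLS record, not HTTP
]
```

`scan(SAMPLE)` returns the first two entries; anything that is not plaintext HTTP, such as the TLS record, passes through unflagged and needs a different check.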

DzkAy

#3
This is really nice and a very good fek to Stillers
 

TheZeRots

#4
I may have a way to detect a keylogger by running it.

If someone has a keylogger for test, I'd like to try out my method, but I am pretty sure it works.

I won't say anything about it unless I can be 100% sure.

P.S. I think those are the only sites, I couldn't find any other.

P.P.S. Information*
 

beatc

#5
hey guys, since we're talking about stealers and stuff, can you guys upload the CLEOs containing stealers... that would be great guys  :lol:
 

YeAhx

#7
I also want to test this CLEO keylogger. I am pretty sure I will not be able to find anything except shit, but I still wanna try to use my brain.

Just trying to contribute  :dont_care:
 
0x688

#11
#BUMP - Also, everyone is free to bump this if it's too far down the topic list.
 

blackHat

#13
good , and clearly done ,,,

the power in 127.0.0.1 it was always and always will be :p
 

TheZeRots

#14
blackHat said:
> good , and clearly done ,,,
>
> the power in 127.0.0.1 it was always and always will be :p

Power in 127.0.0.1 and port 9050 is to make your Skype unresolvable.  :me_gusta:
 

Opcode.eXe

#17
You can also feel the stealer stealin your data!

Example:

You just wrote something into a dialog and pressed ENTER.
- In that moment you pressed ENTER you should 'see' the game stopping/lagging for like 1 Second. That is because the stealer is sending data to the logger page. CLEO pauses the game until it gets a response from the function to send the data. MEH.

:sweet_jesus:
 

TheZeRots

#18
Opcode.eXe said:
> You can also feel the stealer stealin your data!
>
> Example:
>
> You just wrote something into a dialog and pressed ENTER.
> - In that moment you pressed ENTER you should 'see' the game stopping/lagging for like 1 Second. That is because the stealer is sending data to the logger page. CLEO pauses the game until it gets a response from the function to send the data. MEH.
>
> :sweet_jesus:

There are smart ones.
Those that write a temporary file somewhere on your PC and when your session ends it deletes it and sends it to a FTP -> of course, those are hard to protect against.
 
0x688

#19
Mr.Ze said:
> Opcode.eXe said:
>> You can also feel the stealer stealin your data!
>>
>> Example:
>>
>> You just wrote something into a dialog and pressed ENTER.
>> - In that moment you pressed ENTER you should 'see' the game stopping/lagging for like 1 Second. That is because the stealer is sending data to the logger page. CLEO pauses the game until it gets a response from the function to send the data. MEH.
>>
>> :sweet_jesus:
>
> There are smart ones.
> Those that write a temporary file somewhere on your PC and when your session ends it deletes it and sends it to a FTP -> of course, those are hard to protect against.

And easy to fuck up :p
 

Opcode.eXe

#20
> There are smart ones.
> Those that write a temporary file somewhere on your PC and when your session ends it deletes it and sends it to a FTP -> of course, those are hard to protect against.

What? Send me an example.... I wanna see that..
 