(IMPORTANT) Informations regarding CLEO Keyloggers

0x_

Wtf I'm not new....
Administrator
Joined
Feb 18, 2013
Messages
1,116
Reaction score
167
sup' ugbase.
For some weeks / months now CLEO keyloggers have been getting more popular; therefore, some CLEOs here might be infected (new ones).

Poor people integrate keyloggers into their CLEOs to profit from accounts; they usually log in-game information, but it can't take long until they go with a global logger.

So far, one "bigger" site is known and it is kat.cmhost.ru.

So, how to detect / how to stop it from stealing your stuff?

How to block the poor Stealer:
Go to C:\Windows\System32\drivers\etc and open your hosts file.
In this one you should see something like this:
Code:
127.0.0.1       localhost
If not, it's not a problem; you can just move on.
Now, just add the following after this line (or on a new line):
CLICK HERE FOR THE LIST

This will redirect these calls to your localhost (therefore into nothing).

They may be using some other URL, or direct IP access, but for now it blocks some of these keyloggers.

How to detect them:
Even if crypted or anything, you can detect them, as they need to make an outside call.
Just start some basic packet sniffer like Wireshark; it monitors all the packets sent, and mostly they are sent through HTTP, so you can detect them easily.
If you find some, I'll update this list.


We (the ugbase team) try our best to keep these CLEO's away from our section(s).


Good day, and fun doing whatever you normally do.
Also thanks to guys like m1zg4rd who made me aware of the current situation.
People who contributed to the list: m1zg4rd, Hidend.
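A way to check that the hosts-file block described in the post above is actually in effect, as an added example that is not part of the original thread. The function names `parse_hosts` and `audit` are hypothetical, the sample hosts text is constructed, and the watchlist holds only the one host named in the post, because the linked list is not reproduced on the page.

```python
import ipaddress

# Only the host named in the post; the linked list is not on the page.
WATCHLIST = ["kat.cmhost.ru"]

def parse_hosts(text):
    """Return {hostname: [addresses]} parsed from hosts-file text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or incomplete line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an IP
        for name in fields[1:]:                  # one line may carry several names
            table.setdefault(name.lower().rstrip("."), []).append(addr)
    return table

def audit(text, watchlist=WATCHLIST):
    """Classify each watched host as 'blocked', 'missing' or 'redirected'."""
    table = parse_hosts(text)
    result = {}
    for host in watchlist:
        addrs = table.get(host.lower().rstrip("."))
        if not addrs:
            # hosts files have no wildcards: a parent-domain entry does not count
            result[host] = "missing"
        elif all(a.is_loopback or a.is_unspecified for a in addrs):
            result[host] = "blocked"
        else:
            result[host] = "redirected"          # some entry points at a real address
    return result

# Constructed sample hosts file (not taken from the page).
SAMPLE = """\
127.0.0.1       localhost
# 127.0.0.1     kat.cmhost.ru      <- commented out, has no effect
127.0.0.1       cmhost.ru          # parent domain only
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(SAMPLE + "127.0.0.1 KAT.CMHOST.RU\n"))
```

Feed it the text of the hosts file from C:\Windows\System32\drivers\etc. A "blocked" result says nothing about direct IP access, which the post notes a hosts entry cannot stop.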
 

ClausBear

Expert
Joined
Aug 19, 2013
Messages
647
Reaction score
0
Thanks a lot for the fix, I was getting kinda scared of all this bs
 

DzkAy

Well-known member
Joined
Feb 20, 2014
Messages
472
Reaction score
1
This is really nice and a very good fek to Stillers
 

TheZeRots

Expert
Joined
Dec 21, 2013
Messages
1,247
Reaction score
1
I may have a way to detect a keylogger by running it.

If someone has a keylogger for test, I'd like to try out my method, but I am pretty sure it works.

I won't say anything about it unless I can be 100% sure.

P.S. I think those are the only sites, I couldn't find any other.

P.P.S. Information*
 

beatc

Active member
Joined
Jul 6, 2014
Messages
87
Reaction score
0
hey guys, since we're talking about stealers and stuff, can you guys upload the cleos containing stealers... that would be great guys  :lol:
 

YeAhx

Active member
Joined
Mar 13, 2014
Messages
109
Reaction score
1
I also want to test this cleo keylogger, I am pretty sure I will not be able to find anything
except shit
but I still wanna try to use my brain.

Just trying to contribute  :dont_care:
 

0x_

Wtf I'm not new....
Administrator
Joined
Feb 18, 2013
Messages
1,116
Reaction score
167
#BUMP - Also, everyone is free to bump this if it's too long down of the topic list.
 

TheZeRots

Expert
Joined
Dec 21, 2013
Messages
1,247
Reaction score
1
0x688
Make this a Global Announcement/Global Sticky.
#BUMP
 

blackHat

Expert
Joined
Jul 28, 2013
Messages
930
Reaction score
2
good , and clearly done ,,,

the power in 127.0.0.1 it was always and always will be :p
 

TheZeRots

Expert
Joined
Dec 21, 2013
Messages
1,247
Reaction score
1
blackHat link said:
good , and clearly done ,,,

the power in 127.0.0.1 it was always and always will be :p
Power in 127.0.0.1 and port 9050 is to make your Skype unresolvable.  :me_gusta:
 

Opcode.eXe

Expert
Joined
Feb 18, 2013
Messages
1,486
Reaction score
227
Location
( ͡° ͜ʖ ͡°)
You can also feel the stealer stealin your data!

Example:

You just wrote something into a dialog and pressed ENTER.
- In that moment you pressed ENTER you should 'see' the game stopping/lagging for like 1 Second. That is because the stealer is sending data to the logger page. CLEO pauses the game until it gets a response from the function to send the data. MEH.

:sweet_jesus:
 

TheZeRots

Expert
Joined
Dec 21, 2013
Messages
1,247
Reaction score
1
Opcode.eXe link said:
You can also feel the stealer stealin your data!

Example:

You just wrote something into a dialog and pressed ENTER.
- In that moment you pressed ENTER you should 'see' the game stopping/lagging for like 1 Second. That is because the stealer is sending data to the logger page. CLEO pauses the game until it gets a response from the function to send the data. MEH.

:sweet_jesus:
There are smart ones.
Those that write a temporary file somewhere on your PC and when your session ends it deletes it and sends it to an FTP -> of course, those are hard to protect against.
 

0x_

Wtf I'm not new....
Administrator
Joined
Feb 18, 2013
Messages
1,116
Reaction score
167
Mr.Ze link said:
Opcode.eXe link said:
You can also feel the stealer stealin your data!

Example:

You just wrote something into a dialog and pressed ENTER.
- In that moment you pressed ENTER you should 'see' the game stopping/lagging for like 1 Second. That is because the stealer is sending data to the logger page. CLEO pauses the game until it gets a response from the function to send the data. MEH.

:sweet_jesus:
There are smart ones.
Those that write a temporary file somewhere on your PC and when your session ends it deletes it and sends it to an FTP -> of course, those are hard to protect against.
And easy to fuck up :p
 

Opcode.eXe

Expert
Joined
Feb 18, 2013
Messages
1,486
Reaction score
227
Location
( ͡° ͜ʖ ͡°)
TheZeRots link said:
There are smart ones.
Those that write a temporary file somewhere on your PC and when your session ends it deletes it and sends it to an FTP -> of course, those are hard to protect against.

What? Send me an example.... i wanna see that..
 