(IMPORTANT) Informations regarding CLEO Keyloggers

[0x_]

sup' ugbase.
Since some weeks / months CLEO Keyloggers get more popular therefore, some CLEO's here might be infected (new ones).

Poor peoples integrate some keyloggers into their CLEO's to get profit out of accounts, they usually log ingame informations but it can't take long and they go with a global logger.

So far, one "bigger" Site is known and it is kat.cmhost.ru.

So, how to detect / how to stop it from stealing your stuff?

How to block the poor Stealer:
Go to C:\Windows\System32\drivers\etc and open your hosts file.
In this one you should see something like this:

127.0.0.1       localhost

If not, it's not bad you can just move further on.
now, just add after this line (or a new line) following:
CLICK HERE FOR THE LIST

This will redirect these calls to your localhost (therefore into nothing).

They may be using some other url, or direct ip access but for now it blocks some of these keyloggers.

How to detect them:
Even if crypted or anything you can detect them, as they need to make a outside call.
Just start some basic packet sniffer like Wireshark, it monitors all the packets sent and mostly they are sent trough HTTP and therefore you can detect them easy.
If you find some, i'll update this list.


We (the ugbase team) try our best to keep these CLEO's away from our section(s).


Good day, and fun doing whatever you normally do.
Also thanks to guys like m1zg4rd who made me know about the curren situation.
Peoples contributed to the list: m1zg4rd, Hidend.

 

[ClausBear]

Thanks alot for the fix i was getting kinda scared of all this bs

 

[DzkAy]

This is really nice and a very good fek to Stillers

 

[TheZeRots]

I may have a way to detect a keylogger by running it.

If someone has a keylogger for test, I'd like to try out my method, but I am pretty sure it works.

I won't say anything about it unless I can be 100% sure.

P.S. I think those are the only sites, I couldn't find any other.

P.P.S. Information*

 

[beatc]

hey guys, since we talking about stealers and stuff, can you guys upload the cleos containing stealers....that would be great guys  :lol:

 

[inZ]

:celeral_spitting:

 

[YeAhx]

I also want to test this cleo keylogger, I am pretty sure I will not be able to find any thing

Spoiler

except shit

but I still wanna try to use my brain.

Spoiler

Just trying to contribute  :dont_care:

 

[Hidend]

hey guys, since we talking about stealers and stuff, can you guys upload the cleos containing stealers....that would be great guys  :lol:

http://rghost.ru/56917528

---

http://rghost.net/57263310

---

https://yadi.sk/d/2XyqFuqqYnrJk

---

http://rghost.net/57221666

---

http://rghost.ru/57213350

---

http://rghost.net/57200977

---

https://yadi.sk/d/BzS1gljPYodaH

---

http://rghost.net/57333963

 

[m1zg4rd_PL]

If someone has a keylogger for test, I'd like to try out my method, but I am pretty sure it works.

http://ugbase.eu/requests-10/key-stalker/msg52360/#msg52360 It stores keys to dump.txt in CLEO folder.

 

[TheZeRots]

[quote author=Mr.Ze link=topic=9132.msg53117#msg53117 date=1407506350]
If someone has a keylogger for test, I'd like to try out my method, but I am pretty sure it works.

http://ugbase.eu/requests-10/key-stalker/msg52360/#msg52360 It stores keys to dump.txt in CLEO folder.
[/quote]
Thanks!

 

[0x_]

#BUMP - Also, everyone is free to bump this if it's too long down of the topic list.

 

[TheZeRots]

[member=2]0x688[/member]
Make this a Global Announcement/Global Sticky.
#BUMP

 

[blackHat]

good , and clearly done ,,,

the power in 127.0.0.1 it was always and always will be

 

[TheZeRots]

good , and clearly done ,,,

the power in 127.0.0.1 it was always and always will be

Power in 127.0.0.1 and port 9050 is to make your Skype unresolvable.  :me_gusta:

 

[0x_]

#BUMP

 

[Chuck]

Thanks for info.

 

[Opcode.eXe]

You can also feel the stealer stealin your data!

Example:

You just wrote something into a dialog and pressed ENTER.
- In that moment you pressed ENTER you should 'see' the game stopping/lagging for like 1 Second. That is because the stealer is sending data to the logger page. CLEO pauses the game until it gets a response from the function to send the data. MEH.

:sweet_jesus:

 

[TheZeRots]

You can also feel the stealer stealin your data!

Example:

You just wrote something into a dialog and pressed ENTER.
- In that moment you pressed ENTER you should 'see' the game stopping/lagging for like 1 Second. That is because the stealer is sending data to the logger page. CLEO pauses the game until it gets a response from the function to send the data. MEH.

:sweet_jesus:

There are smart ones.
Those that write a temporary file somewhere on your PC and when your session ends it deletes it and sends it to a FTP -> of course, those are hard to protect against.

 

[0x_]

[quote author=Opcode.eXe link=topic=9132.msg53288#msg53288 date=1407574763]
You can also feel the stealer stealin your data!

Example:

You just wrote something into a dialog and pressed ENTER.
- In that moment you pressed ENTER you should 'see' the game stopping/lagging for like 1 Second. That is because the stealer is sending data to the logger page. CLEO pauses the game until it gets a response from the function to send the data. MEH.

:sweet_jesus:

There are smart ones.
Those that write a temporary file somewhere on your PC and when your session ends it deletes it and sends it to a FTP -> of course, those are hard to protect against.
[/quote]
And easy to fuck up

 

[Opcode.eXe]

There are smart ones.
Those that write a temporary file somewhere on your PC and when your session ends it deletes it and sends it to a FTP -> of course, those are hard to protect against.
[/quote]

What? Send me an example.... i wanna see that..