Back in 2020, I lost my Discord account due to malware I downloaded onto my computer. I suppose every villain has a backstory. When I lost my account, I wasn't mad or sad; I was amazed by how an application, a small 270 KB executable file, took all my information.
I already had coding knowledge and wanted to demonstrate to Discord that their application was terribly insecure, especially using Electron, and even worse for Exodus. That's how I created the first malware using an injection in Electron to gather information like a keylogger.
My goals were never to infect people or to make money from it. The perfect example is that I never used it and always provided help to people contacting me. I created a malware remover and contributed to most of them, as well as to malware analysis. I was young at the time, 12 when the project started, and truly believed in the educational purpose of the malware.
To make it clear, I do not regret a single line of code of PirateStealer. If I hadn't been the one who made PirateStealer, someone else would have, keeping the source private and making it harder for malware & security engineers. Of course, some things could have gone differently (like BBY Stealer taking my source and research), but I feel that if I hadn't created this "malware" — which was more a proof of concept than actual malware — Discord would have continued to be insecure.
Firstly, yes, I made some mistakes. I was 12 at the time and wasn't fully aware of what I was doing, so keeping the source working, yes, but maybe not building a stub for it.
Electron is a JavaScript framework, and as you may know, JavaScript is not a compiled language. Injecting code was, therefore, easy, especially since it was retained on every startup, as was the case for Exodus.
As I said at the beginning of 2023, PirateStealer is dead. There will be no more PirateStealer, and all the news linking PS and Gotham is purely fake. Gotham is a completely different project made by people I know and respect, but it is clearly a private & malicious malware. See:
- https://cybermaterial.com/pirate-stealer-rebrands-as-gotham-stealer/
- https://thecyberexpress.com/pirate-stealer-is-gotham-stealer-on-dark-web/
I remember publishing a thousand ways and proofs of concept on how to fix Discord, and not a single fix happened!
I wish to thank Exodus Wallet because, unlike Discord, they fixed the vulnerability as soon as I reported it to them.
By the way, I made 0 dollars off PirateStealer while other people made money by stealing my source. At that moment, I understood how terrible open-source was. So, if I can give you one piece of advice, never do open-source. If you have a good idea, a good project, sell it!
Thank you.
- Ars Technica article on malicious packages
- Hacker News discussion
- PCRisk removal guide
- YouTube video on PirateStealer
- OTX AlienVault pulse
- HowToFix guide
- HackerNoon reversing Node.js malware analysis
- ITNext article on reversing a Node.js malware
- Discussion on Reddit about suspicious messages
- Reddit discussion on Discord malware analysis