Spyeye/Citadel

[b0ga]

I don't know weather to go for Citadel or wait for another bot or search for another botnet . Because citadel doesn't have support now since aqua doesn't reply to no one on jabber and is a rude son of a biach . But the good thing about Citadel latest version is it works on all browser versions with formgrabbing on IE, FF and Chrome , plus doesn't have trackers .

 

[frankiewld]

First. Citadel have trackers.
Second. I dont understand why you dont want use citadel till it works fine and no need update for it? You not able to buy builder becouse author is gone so you only can buy bin and always can stop using that if citadel become realy poor.

 

[monymony]

Since everyone seems so knowledgable here lol hey guys i have a question, see let me explain the situation. In south america a lot of banks now require a token (7-15 Alphanumeric password that changes every 1-2 minutes) to actually transfer money. I used to do banking with spamming and then with traffic but i would get too many bank logs at the same time for me to handle it. i was wondering if a botnet like zeus, citadel, spyeye etc would be a better use for me and if so which one? I have used zeus for US banking long time ago when it was prvate and it was above 5k to buy and it went pretty good with chase and BOA. but that is my only experience with botnet because i started to buy google and bing traffic for scam pages but my guy disappeared.

 

[Xehanort]

Since everyone seems so knowledgable here lol hey guys i have a question, see let me explain the situation. In south america a lot of banks now require a token (7-15 Alphanumeric password that changes every 1-2 minutes) to actually transfer money. I used to do banking with spamming and then with traffic but i would get too many bank logs at the same time for me to handle it. i was wondering if a botnet like zeus, citadel, spyeye etc would be a better use for me and if so which one? I have used zeus for US banking long time ago when it was prvate and it was above 5k to buy and it went pretty good with chase and BOA. but that is my only experience with botnet because i started to buy google and bing traffic for scam pages but my guy disappeared.

That type of security is beaten easily by Man in the Middle (MiTM) or Man-in-the-browser-attacks. Upon execution of the malware this sends the victim's smartphone an HTML/JavaScript Webpage that poses as a token generator from the victim's bank.

When the victim enters his or her password in order to get the token, the malware sends the password, together with the IMEI and IMSI numbers of the victim's smartphone, to a specific cellphone number, as well as one of its C&C servers.

Later Versions of Spyeye had this, can't remember if Citadel had its own 2FA decryption mechanism in place, but it could be very easily requested in CRM Store if it wasn't. But that doesn't matter as it's discontinued product.

Your best bet would be to get in touch with Carberp Author, or private russian banking trojans. Otherwise, if you want a heavily customized tool you can always consult a malware author to code one of your likings.