This project has been in development for over six months, rewritten almost from scratch several times, conducted thousands of different tests, announced a global Beta Test for everyone, and finally, we are ready to present you with a completely new project for stealing confidential data.
The Void is a stealer created by a team of people who have been working in this field for over five years. Over the years, we've seen many projects, some excellent, some not so much. But over time, we came to the conclusion that we needed to create a new project that would incorporate all the best features and eliminate all the shortcomings of the projects we had previously used. The concept behind the project was to collect as much useful information as possible, without collecting useless data (be honest, have you ever needed to know "the amount of RAM on the victim's computer"?).
Let's start with the technical specifications of the build.
Written in C/C++. The build is x64.
For most system operations (file management, memory, registry), we used direct system calls (syscalls). For less important tasks, we used WinAPI | NtAPI.
The build uses a flexible configuration system; you can add your browser or extension to the configuration in a couple of clicks. Configuration changes are made from the control panel and do not require a rebuild.
The standard configuration allows you to build:
~ 20 browsers (Chrome, Edge, Brave, Opera, Firefox, etc.)
~ 70 extensions
~ 9 wallets
~ Telegram, Discord, Steam, Filezilla
Connection to the seed server is via HTTPS and additionally secured with XOR encryption. Each piece of information is transmitted in a separate request, allowing us to store some information on the server even if the build is detected at runtime.
All decryption is performed entirely on the server; the databases are not opened on the victim's computer.
A highly configurable file grabber has been implemented. In the grabber configuration, you can select search by name (masks) and extensions. You can also set the maximum recursive search depth and maximum file size. When sending files, their hash is stored in a table and prevents duplicates from being sent to the server.
The first version of the morpher has been created (not to be confused with junk code generators). The morphed build weighs 1-1.5 MB. The clean build weighs <600 KB.
The standard non-resident loader will load and run an unlimited number of files.
Naturally, I don't think there's any point in mentioning standard features like "repeat protection" and "anti-SNG" – they're all there.
Part 2. Pads and the Main Panel.
Pads.
Naturally, the overlay address is parsed via Telegram/Steam, which eliminates the need for lengthy rebuilds in case of overlay bans.
We decided to slightly change the concept of overlays. In most projects, an overlay is simply an NGINX stub that forwards traffic to the main server. There are only two problems with such overlays: the first and most obvious is that something happens to the main server, resulting in wasted traffic. The second is that spam traffic often attracts unwanted attention from intelligence bots, and you can often get abuse reports on your servers. We decided to implement a system in which overlays act as full-fledged receivers that receive, compile logs, and transmit them to the main decryption server. With this system, you won't be at risk of the main server going down if the main server goes down—the overlays will continue to receive traffic, and when the decryption server is ready to receive data, the overlays will forward all your logs to it.
Main server.
Due to previous situations (arrests of TSOs, servers, and admins), we decided to host the panel entirely on the Tor network and create a system that will store minimal data about its users. Currently, the panel does not store your IP addresses, user agents, contact information, or other sensitive information. The panel itself has standard functionality:
Statistics:
- Log table + search
- Builder
- Personal prefix page
- Settings (config + TG click)
- Google Restore
- Log download pages
The panel logic is written in RustLang; response times are quite fast even on Tor; you don't need to refresh the page to see updates.
Currently, the project is distributed via the MaaS system, meaning the client doesn't need to purchase servers or prefixes. They receive the product "out of the box." However, the client must encrypt the build. The build is native x64 and runs smoothly with any injection method.
Product price:
1 month - $250.
For security, I deposited $1,500 into Exploit forum.
Purchase the product - Please contact me via Telegram.
There are no downtimes or resources. If you'd like to work for a commission, please let me know and we'll discuss it. There are no free tests. For this purpose, a free beta test was conducted for almost three weeks, and anyone could participate. For regular customers, we can install it on your server.
License Agreement:
1. Even though the panel is hosted on Tor, each client agrees to comply with standard security rules.
2. Uploading a build to Virustotal will not block the user from the system; however, their subscription will be reset.
3. The product is provided "as is," and we do not guarantee the absence of force majeure.
4. Refunds are not provided for the product (unless we are unable to provide the tool).
5. We provide the "Tool" and do not guarantee any profit from it.
Contact:
Telegram: @voidseller123
The Void is a stealer created by a team of people who have been working in this field for over five years. Over the years, we've seen many projects, some excellent, some not so much. But over time, we came to the conclusion that we needed to create a new project that would incorporate all the best features and eliminate all the shortcomings of the projects we had previously used. The concept behind the project was to collect as much useful information as possible, without collecting useless data (be honest, have you ever needed to know "the amount of RAM on the victim's computer"?).
Let's start with the technical specifications of the build.
Written in C/C++. The build is x64.
For most system operations (file management, memory, registry), we used direct system calls (syscalls). For less important tasks, we used WinAPI | NtAPI.
The build uses a flexible configuration system; you can add your browser or extension to the configuration in a couple of clicks. Configuration changes are made from the control panel and do not require a rebuild.
The standard configuration allows you to build:
~ 20 browsers (Chrome, Edge, Brave, Opera, Firefox, etc.)
~ 70 extensions
~ 9 wallets
~ Telegram, Discord, Steam, Filezilla
Connection to the seed server is via HTTPS and additionally secured with XOR encryption. Each piece of information is transmitted in a separate request, allowing us to store some information on the server even if the build is detected at runtime.
All decryption is performed entirely on the server; the databases are not opened on the victim's computer.
A highly configurable file grabber has been implemented. In the grabber configuration, you can select search by name (masks) and extensions. You can also set the maximum recursive search depth and maximum file size. When sending files, their hash is stored in a table and prevents duplicates from being sent to the server.
The first version of the morpher has been created (not to be confused with junk code generators). The morphed build weighs 1-1.5 MB. The clean build weighs <600 KB.
The standard non-resident loader will load and run an unlimited number of files.
Naturally, I don't think there's any point in mentioning standard features like "repeat protection" and "anti-SNG" – they're all there.
Part 2. Pads and the Main Panel.
Pads.
Naturally, the overlay address is parsed via Telegram/Steam, which eliminates the need for lengthy rebuilds in case of overlay bans.
We decided to slightly change the concept of overlays. In most projects, an overlay is simply an NGINX stub that forwards traffic to the main server. There are only two problems with such overlays: the first and most obvious is that something happens to the main server, resulting in wasted traffic. The second is that spam traffic often attracts unwanted attention from intelligence bots, and you can often get abuse reports on your servers. We decided to implement a system in which overlays act as full-fledged receivers that receive, compile logs, and transmit them to the main decryption server. With this system, you won't be at risk of the main server going down if the main server goes down—the overlays will continue to receive traffic, and when the decryption server is ready to receive data, the overlays will forward all your logs to it.
Main server.
Due to previous situations (arrests of TSOs, servers, and admins), we decided to host the panel entirely on the Tor network and create a system that will store minimal data about its users. Currently, the panel does not store your IP addresses, user agents, contact information, or other sensitive information. The panel itself has standard functionality:
Statistics:
- Log table + search
- Builder
- Personal prefix page
- Settings (config + TG click)
- Google Restore
- Log download pages
The panel logic is written in RustLang; response times are quite fast even on Tor; you don't need to refresh the page to see updates.
Currently, the project is distributed via the MaaS system, meaning the client doesn't need to purchase servers or prefixes. They receive the product "out of the box." However, the client must encrypt the build. The build is native x64 and runs smoothly with any injection method.
Product price:
1 month - $250.
For security, I deposited $1,500 into Exploit forum.
Purchase the product - Please contact me via Telegram.
There are no downtimes or resources. If you'd like to work for a commission, please let me know and we'll discuss it. There are no free tests. For this purpose, a free beta test was conducted for almost three weeks, and anyone could participate. For regular customers, we can install it on your server.
License Agreement:
1. Even though the panel is hosted on Tor, each client agrees to comply with standard security rules.
2. Uploading a build to Virustotal will not block the user from the system; however, their subscription will be reset.
3. The product is provided "as is," and we do not guarantee the absence of force majeure.
4. Refunds are not provided for the product (unless we are unable to provide the tool).
5. We provide the "Tool" and do not guarantee any profit from it.
Contact:
Telegram: @voidseller123
