Approaching stealer devs: a brief interview with WhiteSnake

g0njxa
Sep 24, 2024

To fully understand what’s going on in a market that has been growing in recent years, I found it necessary to know which players are dominating it. Always remember that behind every user of the Internet there is another human like you, so if you can be kind enough to reach them and they agree, you can have a little talk. Asking things is not a crime.

Please note that everything stated on this blog is for informational purposes only. I will never promote the usage of these products.

WHITE SNAKE

What is WhiteSnake and how would you describe it?

Firstly I made it as a stealer, but then added some spyware features, so basically it’s spyware.

Is there a history behind the name White Snake?

Ye, reference to a rock band.

I asked about his favourite “Whitesnake” rock song; he ended up sending me a full playlist, so enjoy the White Snake playlist here:

https://www.youtube.com/watch?v=2g5xkLqIElU&list=PLAcyU7BDXJCZhAcyPQI_kdjjfBhH0sVm_

Also featuring www.youtube.com/@ГруппаКИНО-ф6ш and www.youtube.com/@thekorolishut

What makes White Snake different from other products?

Actually we have a lot of features which automate working with reports and their analysis.

An example of a test Whitesnake report from the client panel view

Approximately how many people do you think have used White Snake?

200+

Since when has White Snake been working?

I started coding this project in 2022, first release on February 1, 2023.

White Snake is not just a stealer; it also provides tools and exploits such as ZIP, SLN exploit, Trezor phishing, clipper, keylogger, or control of victims over the panel. Can you explain those kinds of features?

Basically you receive logs with .WSR format which can be decrypted by desktop client on ur pc.
But if you wanna share log data with others you need to export it as zip file or etc.
Actually it’s not just a stealer, but set of tools and exploits.

Some pictures from alternative tools of Whitesnake:

White Snake has always been at the forefront of development among other infostealers. I see interesting features implemented in White Snake, such as the Yandex browser decryptor or the new decryption of cookies from Chrome v127.
Is there a big development effort behind this? What did you put the most effort into developing?

I’m actually a single developer; Yandex was the hardest thing to implement coz it’s proprietary software, so it needed to be reversed.

White Snake also has a unique log report from machines (.wsr files = White Snake Report). Can you explain this?

When u install the desktop client on a PC, it generates an RSA key pair; logs are encrypted with AES and the RSA public key (can be decrypted only by your panel), so this format is basically an archive with custom encryption. The desktop client decrypts it, then decrypts browser databases etc., then shows you all.

Speaking about the market, how do you see it? Is this a good time to work? Or is there a shortage of products? A lot of people I’ve talked to complain about this

Many leave the market to work in private mode, some sellers try to set others up, and so on.

It is not common to see White Snake in the wild like other commercial stealers such as Lumma, Redline, META, Vidar… Is WhiteSnake also used in teams and related commercial malware activity?

Yes

In fact, the only time I found WhiteSnake being used in the wild, it was being dropped by SmokeLoader, which was itself loaded through PrivateLoader (InstallsKey PPI service).
https://x.com/g0njxa/status/1661731243858489348

Does White Snake work in the CIS countries?

No?

I know you had problems in the past on forums because some client modified White Snake to allow it to knock on Russians, could you kindly explain what happened?

Actually the stub is coded in C#, so you can easily reverse it and modify it. Also the same happened with Meduza.

WhiteSnake was banned from the XSS and Exploit forums after a report of the stealer being able to run on victim hosts in CIS countries.

Any incoming features for the next months, or anything special for the anniversary?

Actually clients ask me for new features, and I add them :P

What would you say to those “information security experts” who are trying to track White Snake?

— Are they even trying?

Extra

Remember to check the other interviews at: g0njxa — Medium

Expect more content, if possible
Best regards. :p

@g0njxa