Topic: Some general questions about banking/password stealing malware and POST data

August 25, 2017, 08:09:13 am

Hello there ;D

So when certain malware is looking for passwords and stuff, I read that some have the ability to collect POST data. Can somebody explain to me what this means and how it does it?

I heard some can specifically target passwords and stuff in the POST data. Has there ever been any malware in the wild that collects ALL the POST data and not just passwords and the cc info?


Reply #1, August 25, 2017, 01:00:44 pm

Hi fredlassiter88,

Welcome to Forum.

POST is a request method implemented in the Hypertext Transfer Protocol (HTTP) application protocol. The data enclosed within a POST request is submitted from a web browser to a remote HTTP server.
Malware will usually install Browser Helper Objects (BHO) or Web Extensions to parse the content of the page on the fly and save the content of interesting fields within forms.

HERE is an example of a form using POST. Since forms often have many fields, malware usually filters the data to be stolen to interesting fields, like "username", "password", etc.
I don't know of any malware that captures all POST fields and data.
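
To show what the POST data of a submitted form looks like on the wire, here is an added example that is not part of the original posts: it decodes the form fields of a constructed login request and masks the sensitive ones before the body is written to a log. The host `bank.example`, the field names and the `SENSITIVE` list are assumptions made for the illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Constructed sample request (not captured traffic); host and fields are made up.
BODY = "username=alice&password=s3cr%26t+pw&remember=on&csrf_token=abc123"
SAMPLE_REQUEST = (
    "POST /login HTTP/1.1\r\n"
    "Host: bank.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    f"Content-Length: {len(BODY)}\r\n\r\n" + BODY
)

# Assumed list of field-name fragments treated as sensitive; tune per application.
SENSITIVE = ("pass", "pwd", "card", "cvv", "token", "secret")


def split_request(raw):
    """Return (method, headers with lower-case names, body) of a raw HTTP/1.1 request."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method = lines[0].split(" ", 1)[0]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, headers, body


def form_fields(raw):
    """Decode the fields of a urlencoded POST body; empty list for anything else."""
    method, headers, body = split_request(raw)
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if method != "POST" or ctype != "application/x-www-form-urlencoded":
        return []
    return parse_qsl(body, keep_blank_values=True)


def redact_for_log(raw):
    """Re-encode the form body with sensitive values masked, for safe logging."""
    masked = [
        (k, "REDACTED" if any(s in k.lower() for s in SENSITIVE) else v)
        for k, v in form_fields(raw)
    ]
    return urlencode(masked)


if __name__ == "__main__":
    print(redact_for_log(SAMPLE_REQUEST))
```

Every field of the form travels in the request body as a `name=value` pair, which is why server and proxy logs should only ever store the masked version.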