{"id":33058,"date":"2014-02-05T16:26:09","date_gmt":"2014-02-06T00:26:09","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=33058"},"modified":"2025-06-03T21:55:53","modified_gmt":"2025-06-04T04:55:53","slug":"plasma-http-botnet-steals-stored-passwords-chrome-filezilla","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/","title":{"rendered":"Plasma HTTP Botnet Steals Passwords From Chrome, FileZilla"},"content":{"rendered":"<p style=\"text-align: justify;\">Last year we reported on the Athena HTTP botnet, which targets Windows XP systems, mostly for distributed denial-of-service attacks. Now we have examined the botnet Plasma HTTP, whose infections seem to be widespread and target all Windows systems. Attacker use this HTTP-based botnet primarily as a CPU and GPU cryptocurrency miner. Once a machine is infected, the bot can easily steal sensitive information such as usernames and passwords stored locally for the Google Chrome browser and FileZilla FTP client. We have seen a number of malicious websites hosting this botnet, most with a high infection rate. The following screenshot shows a panel with more than a thousand unique infections:<\/p>\n<p style=\"text-align: justify;\"><a href=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_online_list.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-33059\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_online_list.png\" alt=\"plasma_online_list\" width=\"1089\" height=\"900\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_online_list.png 1089w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_online_list-300x247.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_online_list-1024x846.png 1024w\" sizes=\"auto, (max-width: 1089px) 100vw, 1089px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\">The bot sends system information such as operating system, CPU\/GPU data, and security software installed to its control. The bot can stop or disable several security software apps. Here is an example of the information logged:<\/p>\n<p style=\"text-align: justify;\"><a href=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_hwid_info.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-33060\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_hwid_info.png\" alt=\"plasma_hwid_info\" width=\"483\" height=\"586\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_hwid_info.png 483w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_hwid_info-247x300.png 247w\" sizes=\"auto, (max-width: 483px) 100vw, 483px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\">This information helps attackers run their malicious miners based on the GPU and CPU. Attackers can send a number of commands:<\/p>\n<p style=\"text-align: justify;\"><a href=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_active_commands.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-33061\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_active_commands.png\" alt=\"plasma_active_commands\" width=\"798\" height=\"145\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_active_commands.png 798w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_active_commands-300x54.png 300w\" sizes=\"auto, (max-width: 798px) 100vw, 798px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\">The bot can also passwords from infected machines. It then logs all the entries on its control server. A sample statistics page:<\/p>\n<p style=\"text-align: justify;\"><a href=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_stats.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-33062\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_stats.png\" alt=\"plasma_stats\" width=\"799\" height=\"229\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_stats.png 799w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_stats-300x85.png 300w\" sizes=\"auto, (max-width: 799px) 100vw, 799px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\">The bot has stolen more than 4,000 URLs and passwords stored in Chrome or FileZilla as we write this post. The password log page:<\/p>\n<p style=\"text-align: justify;\"><a href=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_password_logs.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-33063\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_password_logs.png\" alt=\"plasma_password_logs\" width=\"916\" height=\"768\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_password_logs.png 916w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_password_logs-300x251.png 300w\" sizes=\"auto, (max-width: 916px) 100vw, 916px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\">The Plasma HTTP bot supports five categories of malicious commands:<\/p>\n<h2 style=\"text-align: justify;\"><b>DDoS<\/b><\/h2>\n<ul style=\"text-align: justify;\">\n<li>Slowloris<\/li>\n<li>UDP<\/li>\n<li>Arme<\/li>\n<li>HTTP Post<\/li>\n<li>HTTP Get<\/li>\n<li>Condis<\/li>\n<li>BwFlood<\/li>\n<li>Stop DDos<\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\"><b>Miner<\/b><\/h2>\n<ul style=\"text-align: justify;\">\n<li>CPU<\/li>\n<li>GPU<\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\"><b>Bot<\/b><\/h2>\n<ul style=\"text-align: justify;\">\n<li>Download<\/li>\n<li>Update<\/li>\n<li>Uninstall<\/li>\n<li>Update Gate<\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\"><b>Botkiller<\/b><\/h2>\n<ul style=\"text-align: justify;\">\n<li>Run Bot Killer Module<\/li>\n<li>Run Hard Bot Killer Module<\/li>\n<li>Enable Proactive Bot Killer<\/li>\n<li>Disable Proactive Bot Killer<\/li>\n<\/ul>\n<h2 style=\"text-align: justify;\"><b>Misc<\/b><\/h2>\n<ul style=\"text-align: justify;\">\n<li>Hosts<\/li>\n<li>Shell<\/li>\n<li>Visit Hidden<\/li>\n<li>Visit Visible<\/li>\n<li>Torrent Seeder<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">\u00a0A look at network communication between bot and control server:<\/p>\n<p style=\"text-align: justify;\"><a href=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_wireshark_capture.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-33064\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_wireshark_capture.png\" alt=\"plasma_wireshark_capture\" width=\"766\" height=\"591\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_wireshark_capture.png 766w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_wireshark_capture-300x231.png 300w\" sizes=\"auto, (max-width: 766px) 100vw, 766px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\">The request and response is simply a reversed Base64 string of the data sent and received. The decoded data:<\/p>\n<p style=\"text-align: justify;\"><a href=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_decoded_base64.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-33065\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_decoded_base64.png\" alt=\"plasma_decoded_base64\" width=\"1024\" height=\"280\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_decoded_base64.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_decoded_base64-300x82.png 300w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\">Once the bot sends information, its control server sends multiple commands separated by &#8220;*&#8221; to its bot, which then downloads CPU and GPU miner files and runs them silently. The bot next steals stored passwords from Google Chrome and sends all the password logs to its controller. The bot sends information to its server:<\/p>\n<p style=\"text-align: justify;\"><a href=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_crypt2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-33066\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_crypt2.png\" alt=\"plasma_crypt2\" width=\"756\" height=\"465\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_crypt2.png 756w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_crypt2-300x184.png 300w\" sizes=\"auto, (max-width: 756px) 100vw, 756px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\">The PHP files found in the bot panel are encoded using the <a href=\"https:\/\/www.ioncube.com\/loaders.php\">ionCube<\/a> loader&#8211;to prevent researchers quickly understanding the code. Here is a look at the encoded gate.php (which logs stolen data):<\/p>\n<p style=\"text-align: justify;\"><a href=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_php_encoded.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-33067\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_php_encoded.png\" alt=\"plasma_php_encoded\" width=\"799\" height=\"404\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_php_encoded.png 799w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_php_encoded-300x151.png 300w\" sizes=\"auto, (max-width: 799px) 100vw, 799px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\">Once decoded, we can see the actual code:<\/p>\n<p style=\"text-align: justify;\"><a href=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_decoded_php.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-33068\" src=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_decoded_php.png\" alt=\"plasma_decoded_php\" width=\"623\" height=\"600\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_decoded_php.png 623w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_decoded_php-300x288.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_decoded_php-32x32.png 32w\" sizes=\"auto, (max-width: 623px) 100vw, 623px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\">Even though not sophisticated, the Plasma HTTP botnet offers several features. We have seen that attackers are using this bot especially for CPU and GPU mining, due to its ability to remain silent and undetected. The bot can kill other malicious programs such as remote-access tools or miners. The bot can also edit the hosts file, run shell commands, and display web pages. Plasma HTTP has infected the latest versions of Windows (using special social engineering techniques to gain the required privileges). The password logs we have seen show how dangerous this botnet can be and that your sensitive information is at risk.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last year we reported on the Athena HTTP botnet, which targets Windows XP systems, mostly for distributed denial-of-service attacks. Now&#8230;<\/p>\n","protected":false},"author":674,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[49,1814,32,142],"coauthors":[3973],"class_list":["post-33058","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-botnet","tag-computer-security","tag-data-protection","tag-tag-identity-theft"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Plasma HTTP Botnet Steals Passwords From Chrome, FileZilla | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Last year we reported on the Athena HTTP botnet, which targets Windows XP systems, mostly for distributed denial-of-service attacks. Now we have examined\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Plasma HTTP Botnet Steals Passwords From Chrome, FileZilla | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Last year we reported on the Athena HTTP botnet, which targets Windows XP systems, mostly for distributed denial-of-service attacks. Now we have examined\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2014-02-06T00:26:09+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-04T04:55:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_online_list.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1089\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"McAfee\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/\"},\"author\":{\"name\":\"McAfee\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\"},\"headline\":\"Plasma HTTP Botnet Steals Passwords From Chrome, FileZilla\",\"datePublished\":\"2014-02-06T00:26:09+00:00\",\"dateModified\":\"2025-06-04T04:55:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/\"},\"wordCount\":504,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_online_list.png\",\"keywords\":[\"botnet\",\"computer security\",\"data protection\",\"identity theft\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/\",\"name\":\"Plasma HTTP Botnet Steals Passwords From Chrome, FileZilla | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_online_list.png\",\"datePublished\":\"2014-02-06T00:26:09+00:00\",\"dateModified\":\"2025-06-04T04:55:53+00:00\",\"description\":\"Last year we reported on the Athena HTTP botnet, which targets Windows XP systems, mostly for distributed denial-of-service attacks. Now we have examined\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_online_list.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_online_list.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Plasma HTTP Botnet Steals Passwords From Chrome, FileZilla\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\",\"name\":\"McAfee\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"caption\":\"McAfee\"},\"description\":\"We're here to make life online safe and enjoyable for everyone.\",\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/x.com\/McAfee\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Plasma HTTP Botnet Steals Passwords From Chrome, FileZilla | McAfee Blog","description":"Last year we reported on the Athena HTTP botnet, which targets Windows XP systems, mostly for distributed denial-of-service attacks. Now we have examined","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Plasma HTTP Botnet Steals Passwords From Chrome, FileZilla | McAfee Blog","og_description":"Last year we reported on the Athena HTTP botnet, which targets Windows XP systems, mostly for distributed denial-of-service attacks. Now we have examined","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_author":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2014-02-06T00:26:09+00:00","article_modified_time":"2025-06-04T04:55:53+00:00","og_image":[{"width":1089,"height":900,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_online_list.png","type":"image\/png"}],"author":"McAfee","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"McAfee","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/"},"author":{"name":"McAfee","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa"},"headline":"Plasma HTTP Botnet Steals Passwords From Chrome, FileZilla","datePublished":"2014-02-06T00:26:09+00:00","dateModified":"2025-06-04T04:55:53+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/"},"wordCount":504,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_online_list.png","keywords":["botnet","computer security","data protection","identity theft"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/","name":"Plasma HTTP Botnet Steals Passwords From Chrome, FileZilla | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_online_list.png","datePublished":"2014-02-06T00:26:09+00:00","dateModified":"2025-06-04T04:55:53+00:00","description":"Last year we reported on the Athena HTTP botnet, which targets Windows XP systems, mostly for distributed denial-of-service attacks. Now we have examined","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/#primaryimage","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_online_list.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/plasma_online_list.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/plasma-http-botnet-steals-stored-passwords-chrome-filezilla\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Plasma HTTP Botnet Steals Passwords From Chrome, FileZilla"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa","name":"McAfee","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png","caption":"McAfee"},"description":"We're here to make life online safe and enjoyable for everyone.","sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/x.com\/McAfee"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/33058","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/674"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=33058"}],"version-history":[{"count":3,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/33058\/revisions"}],"predecessor-version":[{"id":215047,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/33058\/revisions\/215047"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=33058"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=33058"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=33058"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=33058"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}