Writing a simple program with hidden malicious code in the background, scraping victim's folders and sending information back to the main computer.
YouTube link: https://www.youtube.com/watch?v=ShEX6RL_HXA
- Scrape the victim's files and folders (Desktop/Documents/Downloads), and look for files with the word "bank" in their names. If, however, we find a folder with the word "bank" in its name, then we check all files within that folder, regardless of naming.
- Send the file to the attacker's computer. If the file is password protected, decrypt it first, save it in a new file, and send that unencrypted file.
- Clone the repo
- (OPTIONAL) Generate a virtual environment by running `python -m venv env` (or using an IDE) and activate it by running `env\Scripts\activate.bat` (for Windows)
- Install the required packages with `pip install -r requirements.txt`

Note: On Windows, if you are having issues with creating a virtual environment due to the Python path, you can fix this by simply going into the Microsoft Store app, and installing Python from there.
- This is to build the client side of the application that the victim would run on their computer. The server is not a part of this build, as it is run separately on the attacker's computer.
- Install pyinstaller (`pip install pyinstaller`)
- Build the app using this command (`pyinstaller --onefile --windowed main.py`)
  - `onefile`: makes a one-file executable
  - `windowed`: hides the command line window
- ngrok: Used for TCP Tunneling from ngrok cloud server to the local server.
- John the Ripper: Password cracking utility.
- office2john: Used to get the encrypted password of a password protected Microsoft Word file.
- Weakpass: Resource for common password lists.
- Aspose.Words: Used to open an encrypted document with its password, and save it unencrypted.
- Requests-HTML: Used to load websites dynamically. This ensures that the webpage loads its scripts, which may cause more images to load on the page.