A keylogger written in Python, disguised as a photo, with remote transmission and a safety key to stop the program.
- pynput.keyboard: for capturing keystrokes
- logging: for creating logfiles
- os: for interacting with the host OS (Windows)
- getpass/uuid/socket: get host information
- subprocess: running system commands
- email.mime: send data through SMTP email service
This section configures the SMTP email service to send host info and keystrokes to my email. The keystrokes are written into a file at the %temp% location.
These functions run once at the beginning of execution. They collect host info including: hostname, IP, username, MAC address, and saved Wi-Fi profiles.
This is the main function of the keylogger. The program begins listening for keystrokes and writes them to a temp file. When the file size reaches 20MB (or the program is terminated), the send data function is called to send an email that contains all the keystrokes, then clear the file. There is a safety key that terminates the program: the right Ctrl button.
Using PyInstaller, the program can be compiled into a standalone exe file. WinRAR has an SFX archive option. With this, the program can be embedded into a photo, and when the photo is opened, the program is executed along with the photo.
python3 pyinstaller --onefile keylogger.pyw
I also change the .exe extension to .scr, then use the RLO character to further mask the file.
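From the defender's side, the .scr rename and the RLO character both leave traces in the file name itself. The following check is an added example, not part of this project's code; the function names, extension lists and sample names are constructed for illustration, and the display logic is a simplification of the Unicode bidi algorithm.

```python
import os

# Unicode bidirectional controls that can reorder how a file name is displayed.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
    "\u202e": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u2069": "PDI",
}
# Extensions Windows runs as programs (constructed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}


def displayed_name(name: str) -> str:
    """Approximate what a user sees: text after the first RLO is shown reversed."""
    head, sep, tail = name.partition("\u202e")
    visible = head + tail[::-1] if sep else name
    return "".join(ch for ch in visible if ch not in BIDI_CONTROLS)


def inspect_filename(name: str) -> list[str]:
    """Return findings for one file name; an empty list means nothing flagged."""
    findings = []
    controls = sorted({BIDI_CONTROLS[ch] for ch in name if ch in BIDI_CONTROLS})
    if controls:
        findings.append("bidi control in name: " + ",".join(controls))
    # The extension the OS acts on is the last one in the raw byte order.
    real_ext = os.path.splitext(name)[1].lower()
    shown_ext = os.path.splitext(displayed_name(name))[1].lower()
    if real_ext in EXECUTABLE_EXTS and shown_ext in IMAGE_EXTS:
        findings.append(f"runs as {real_ext} but displays as {shown_ext}")
    # Classic double extension, e.g. picture.jpg.scr with extensions hidden.
    stem_ext = os.path.splitext(os.path.splitext(name)[0])[1].lower()
    if real_ext in EXECUTABLE_EXTS and stem_ext in IMAGE_EXTS:
        findings.append(f"double extension {stem_ext}{real_ext}")
    return findings


if __name__ == "__main__":
    # Constructed sample names; in practice feed names from os.walk() or EDR logs.
    for sample in ["photo_\u202egpj.scr", "holiday.jpg.scr", "holiday.jpg"]:
        print(repr(sample), "->", displayed_name(sample), inspect_filename(sample))
```

Any bidi control character in a file name on a mail gateway, download folder or file share is worth an alert on its own, since legitimate file names rarely contain one.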
We can use hex encoding to obfuscate our code, then use the exec() function in Python to execute the code. The Defender on Win 10 cannot detect the malicious behavior.
However, when combined with the method above (Compile & Hide in a picture), the AV can detect it.