This project shows how to create a Remote Access Trojan (RAT): malware designed to allow an attacker to remotely control an infected computer. Once the RAT is running on a compromised system, the attacker can send commands to it and receive data back in response.
Overview: Malware workflow (sequence diagram)
Telegram bot
- Telegram stands out from competing messengers such as WhatsApp mainly because of its bots and channels. Its freely available application programming interfaces (APIs) make it easy to collect data or automate tasks.
PyAutoGUI
- Lets Python scripts control the mouse and keyboard to automate interactions with other applications. The API is designed to be simple. PyAutoGUI works on Windows, macOS, and Linux, and runs on Python 2 and 3.
Pyperclip
- A cross-platform Python module for copy and paste clipboard functions. It works with Python 2 and 3.
shutil
- Offers a number of high-level operations on files and collections of files. In particular, it provides functions that support file copying and removal.
PyInstaller
- Bundles a Python application and all its dependencies into a single package. The user can run the packaged app without installing a Python interpreter or any modules.
Open the Telegram messenger and sign in to your account or create a new one.
- Enter @BotFather in the search tab and choose this bot (official Telegram bots have a blue checkmark beside their name).
- Click “Start” to activate the BotFather bot (in response, you receive a list of commands to manage bots).
- Choose or type the /newbot command and send it.
- Choose a name for your bot; your subscribers will see it in the conversation. Then choose a username for your bot; the bot can be found by its username in searches. The username must be unique and end with the word “bot”.
- Once you have chosen a suitable username, the bot is created. You will receive a message with a link to your bot (t.me/<bot_username>), recommendations to set up a profile picture and description, and a list of commands to manage your new bot.
pyinstaller --noconfirm --onefile --windowed --noconsole --icon ./proj.ico ./POC.py
After removing some of the options, Avast was unable to detect the malware.
pyinstaller --noconfirm --onefile --icon ./proj.ico ./POC.py
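From the defender's side, an executable built with the commands above still carries the markers PyInstaller leaves behind regardless of which options are used. The following is an added triage heuristic (not part of this project's code) that checks a file for two of them: the CArchive cookie magic (`b'MEI\014\013\012\013\016'` in PyInstaller's own source) and the `_MEIPASS2` environment-variable name used by the bootloader. The sample byte buffers are constructed inline, not real binaries.

```python
"""Heuristic check for PyInstaller-bundled executables (added example).

PyInstaller --onefile appends a CArchive to its bootloader; the archive
cookie begins with the magic below, and the bootloader references the
_MEIPASS2 environment variable by name. Both survive option changes such
as dropping --windowed/--noconsole, so they are useful triage indicators.
"""
import sys

# Magic bytes at the start of the PyInstaller CArchive cookie.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Environment variable the bootloader uses to pass the extraction
# directory to the child process it spawns.
MEIPASS_MARKER = b"_MEIPASS2"


def pyinstaller_indicators(data: bytes) -> dict:
    """Return which PyInstaller markers appear in the given bytes."""
    return {
        "carchive_magic": PYINSTALLER_MAGIC in data,
        "meipass_marker": MEIPASS_MARKER in data,
    }


def looks_like_pyinstaller(data: bytes) -> bool:
    """True if the bytes carry at least one PyInstaller marker."""
    return any(pyinstaller_indicators(data).values())


def scan_file(path: str) -> bool:
    """Read a file and report whether it looks PyInstaller-bundled."""
    with open(path, "rb") as fh:
        return looks_like_pyinstaller(fh.read())


# Constructed sample inputs (not real binaries): one mimicking the tail
# of a --onefile bundle, one plain buffer with no markers.
SAMPLE_BUNDLE = (b"MZ" + b"\x00" * 64 + MEIPASS_MARKER + b"\x00" * 16
                 + PYINSTALLER_MAGIC + b"\x00" * 16)
SAMPLE_PLAIN = b"MZ" + b"\x00" * 128

if __name__ == "__main__":
    # Usage: python check_pyinstaller.py <file> [<file> ...]
    for arg in sys.argv[1:]:
        verdict = "pyinstaller markers" if scan_file(arg) else "no markers"
        print(f"{arg}: {verdict}")
```

A hit only means the file is a PyInstaller bundle, which plenty of legitimate software is; it tells an analyst to unpack and inspect the embedded Python code, not that the file is malicious.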
- https://pyinstaller.org/en/stable
- https://docs.python-telegram-bot.org/en/v20.0a0/
- https://www.python.org/
- https://core.telegram.org/bots#6-botfather
- https://core.telegram.org/bots/api
A dummy test was originally developed by Ali Saleh Baker.