Python Trojan (undetectable)
I am going to be showing you how to create a trojan horse virus using python, I have chosen to show a very basic trojan as it will be easier to understand.
I will be using python version 3.8 in this tutorial. This program we are creating also only uses standard libraries that come with python.
A trojan horse virus is a type of malware which disguises itself as a legitimate piece of software, this is to mislead the user so that it can perform tasks undetected. Trojans can enable cyber criminals to create backdoors on your device and steal sensitive data.
The example I will be using today is a trojan disguised as a number guessing game.
Tutorial:
First we will use python and the random library to create a simple number guessing game. We will be storing this under a function called “game”. We will save this file as client.py.
This game generates a random number from 0 to 100. The user is then given as many attempts as they need to guess the number. This is a very simple program. However, this is not going to be the only function running in our program.
We also need to make the trojan function. This will be done using the socket library. This is the client.py.
This is the trojan function, first we declare a few vital variables. These are the host IP address and the port that the client will be connecting to. Choose the IP of whatever device you will be hosting the server on and chose a port that is not in use. Then I created a tuple object of the IP and port stored under “ADDR”, this variable will be used to make the connection.
We must then create the socket object “client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)”. Then create the connection.
Once this is done we will check for any commands received from the server which the attacker will be sending. This is all happening in the background as the game is running and therefore, there are no outputs. I have created a command called “cmdon” and this will be used to give the attacker access to the terminal on the victims machine. The victim will not see any of this happening. When the attacker wishes to stop using terminal commands they can then send the command “cmdoff”.
To finish off the client file, we use the threading library to run both functions simultaneously.
We must now create a server script. We must create a new file and call it “server.py”. This is the script that the attacker will use to initiate the attack.
The image above is a screenshot of the code we will be using for the server.py file. This is a very simple socket server which listens for connections and offers the user input to send to the victim. This is where the command will be sent to execute on the victims machine.
Make sure the server.py file is running on your machine and then run the client.py file on the victims machine.
Using Virus Total I have scanned the client file and it is undetectable.
