Comments (2)

mategol avatar mategol commented on May 25, 2024

A solution would be to have a man in the middle. It would be ideal to send requests to a custom server that would use the bot token and make requests to the discord api itself. However, this would require much more work to set up.

This is very interesting advice, I'm sure that I will give it a try in the future.

By the way, is there a way to turn certain features off? For example, the automatic keylogging is kind of annoying.

I have a plan to make compiler.py some sort of "malware creator" in which you select only these features that you want. Unfortunately (or fortunately) I'm studying at University for now, and it's hard for me to spend a proper amount of time on this project. But I'm sure that this will be one of the upcoming changes in the near future.
But if you need to turn the keylogger feature off urgently, you need to manually remove unwanted code -> the whole on_press() function (lines 752 to 774), launching the keylogger (777 and 782), fix the indentation of lines 778 to 781 (select them and use SHIFT + TAB in VSCode) and remove the pynput import from line 3 (for saving some size of the output executable).

This is a really cool tool. I tested it out on myself and was impressed by its capabilities.

Thanks for such positive feedback. I'd be very grateful if you would consider giving this repository a star to let others see that it's worth looking into.

But I did realize one thing: After running compiler.py, the bot token is present in the code of main_prepared.py. This means that, whether you distribute the python source or the executable, it is possible for the victim to discover the token themselves. Once they have the bot token, they can take control of the bot and access the discord server, causing it to backfire.

Good point. I will probably make some token obfuscation (encoding/encryption (idk for now)) in the next few commits.

from pysilon-malware.

HorridModz avatar HorridModz commented on May 25, 2024

Thanks for the reply! I know that it's impossible to make a perfect tool, and I understand that you're busy. This tool is already the best python malware I have ever come across, and it's a shame that it is so underrated. And yes, I have given it a ⭐! I don't immediately care about any inconveniences, since I don't plan to use this on anyone 😉.

I also love the idea of making compiler.py a malware creator. However, I think compiler.py could use a redesign. Having to re-enter all the info every time I try to build the malware is a pain. Either a config file, or possibly even a GUI, would be nice.

While you're at it, maybe there could be a way to create the virtual environment and run compiler.py all in one batch script or python script? This would be really convenient, as I've never created a python virtual environment before and the process confused me, even with your step-by-step instructions.

Lastly, it would be nice for compiler.py to tell me the location of my built executable. I'm still a little confused on the location of my executable (I did get it to work one way or another, but I'm still kind of confused by what I did, and I'm not sure which executable was the one that infected my computer).

As for the token, I don't think obfuscating / encrypting it will help. No matter how well obfuscated or encrypted, it is possible to generate your own version of the malware. With a reference to compare against, reverse engineering one string (especially in a small program like this with only a few possibilities) is trivial. The fact that there are tools to decompile pyinstaller executables back into python code makes the process even easier. And this isn't even considering debuggers.

Worse, HTTP requests are made with the token. There is no way to hide the token in these requests, and with a packet sniffer like Burp Suite, intercepting these requests and extracting the token is a piece of cake.

Therefore, I believe it is simply impossible to effectively hide the token. AFAIK, a middleman is the only option. Luckily, this isn't too difficult to set up, and AFAIK there are plenty of free domain hosting tools on the internet.

from pysilon-malware.
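The token-exposure point raised in this thread, as an added defensive example that is not from the pysilon-malware project: a small scanner an incident responder could run over a recovered script or decompiled artifact to locate an embedded Discord bot token so it can be reported and revoked. The token regex and the sample text are assumptions constructed for this example, not taken from the page.

```python
import re
import base64
import binascii
from typing import Optional

# Assumed token shape (not from the page): "<base64url bot user id>.<6 chars>.<27+ chars>".
# Bot ids are decimal snowflakes, so the first segment base64-encodes digits and starts with M or N.
TOKEN_RE = re.compile(r"\b([MN][A-Za-z\d_-]{23,})\.([A-Za-z\d_-]{6})\.([A-Za-z\d_-]{27,})\b")

def decode_bot_id(segment: str) -> Optional[int]:
    """Decode the first segment; a genuine token yields the bot's numeric user id."""
    padded = segment + "=" * (-len(segment) % 4)
    try:
        raw = base64.urlsafe_b64decode(padded)
    except (binascii.Error, ValueError):
        return None
    return int(raw) if raw.isdigit() else None

def redact(token: str) -> str:
    """Keep only enough of the token to correlate findings; never write it out whole."""
    return token[:8] + "..." + token[-4:]

def find_tokens(text: str) -> list:
    """One finding per token-shaped string whose id segment decodes to a snowflake."""
    findings = []
    for m in TOKEN_RE.finditer(text):
        bot_id = decode_bot_id(m.group(1))
        if bot_id is None:
            continue  # token-shaped but the id segment is not digits: likely a false positive
        findings.append({"offset": m.start(), "bot_user_id": bot_id, "token": redact(m.group(0))})
    return findings

# Constructed sample resembling a prepared script with an embedded token; the token is fake.
SAMPLE = '''TOKEN = "MTIzNDU2Nzg5MDEyMzQ1Njc4.AbCdEf.abcdefghijklmnopqrstuvwxyz0"
headers = {"Authorization": "Bot " + TOKEN}
'''

if __name__ == "__main__":
    for f in find_tokens(SAMPLE):
        print(f"offset {f['offset']}: token {f['token']} for bot user id {f['bot_user_id']}; revoke it")
```

The decoded bot user id is what you hand to the platform's abuse reporting together with the sample hash; the redacted token is enough to tie findings across artifacts without copying the secret into tickets.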
