VirtualSelf


Technical Description

VirtualSelf is an anti-theft / remote access utility built on a Zombie -> CnC + Remote <- Client architecture. The zombie communicates with the CnC over HTTPS GET and POST requests. The CnC hosts web pages containing temporary command triggers, which each zombie polls periodically (at 2 second intervals).
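The fixed 2 second polling interval described above is also what makes a deployed zombie visible on the network. The following detector, added here as an example and not part of VirtualSelf itself, scans constructed proxy-style log lines (the log format, client IP and hostnames are all made up for the example) and flags any client/host pair whose GET requests arrive at machine-regular spacing, which is how a defender would spot this style of CnC polling among ordinary browsing:

```python
"""Beaconing detector for proxy logs: flags a client that polls one host at a
near-fixed interval, the pattern a VirtualSelf-style zombie produces with its
2-second GET polling of the CnC. Log format and lines below are constructed."""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed lines: "<ISO timestamp> <client ip> <method> <host> <path>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 GET cnc.example.test /cmd.html
2024-05-01T10:00:02 10.0.0.5 GET cnc.example.test /cmd.html
2024-05-01T10:00:04 10.0.0.5 GET cnc.example.test /cmd.html
2024-05-01T10:00:06 10.0.0.5 GET cnc.example.test /cmd.html
2024-05-01T10:00:08 10.0.0.5 GET cnc.example.test /cmd.html
2024-05-01T10:00:03 10.0.0.5 GET news.example.test /index.html
2024-05-01T10:00:09 10.0.0.5 GET news.example.test /story/1
2024-05-01T10:00:31 10.0.0.5 GET news.example.test /story/2
2024-05-01T10:01:40 10.0.0.5 GET news.example.test /story/3
2024-05-01T10:02:02 10.0.0.5 GET news.example.test /story/4
"""

def parse_line(line):
    ts, src, method, host, path = line.split()
    return datetime.fromisoformat(ts), src, method, host, path

def find_beacons(log_text, min_requests=5, max_cv=0.15):
    """Return {(src, host): median gap in seconds} for client/host pairs with at
    least min_requests GETs whose gaps have a coefficient of variation
    (population stdev / mean) at or below max_cv, i.e. machine-regular timing."""
    times = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, src, method, host, _ = parse_line(line)
        if method == "GET":
            times[(src, host)].append(ts)
    beacons = {}
    for key, stamps in times.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            beacons[key] = statistics.median(gaps)
    return beacons

if __name__ == "__main__":
    for (src, host), gap in find_beacons(SAMPLE_LOG).items():
        print(f"{src} polls {host} every ~{gap:.1f}s")
```

The irregular browsing to news.example.test is not flagged, while the evenly spaced requests to cnc.example.test are reported with their 2.0 s median gap; tune max_cv and min_requests to your own traffic before relying on it.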

Five commands currently exist:

  1. Screenshot
  2. Execute Command
  3. Webcam
  4. Audio
  5. Processes & Programs

Non-Technical Description

VirtualSelf is a security utility designed to protect your computer from unauthorized access or potential theft. The program quietly monitors your system, capturing screenshots, recording audio, and even taking photos with your webcam in response to specific signals. It can also keep track of the programs installed and the processes running on your computer. All of this information is sent securely to a remote server, allowing you to monitor your device from afar. A system tray icon lets you start or stop the program as needed, so your computer stays protected.

Requirements

Python Requirements

Optionally, Python dependencies can be installed by running: pip3 install -r .\requirements.txt

Note: Building VirtualSelf as a standalone executable is the preferred method. Zombies that run the executable do not require python or its dependencies to be installed.

Building Using pyinstaller

pyinstaller --onefile --icon=VirtualSelf.png --hidden-import=sounddevice --hidden-import=plyer.platforms.win.notification .\VirtualSelf.py

Source Files

VirtualSelf.py

VirtualSelf.py is the main file run on zombie machines. It executes the commands sent via the VirtualSelf_Remote.py file run on the CnC server.

VirtualSelf_Remote.py

VirtualSelf_Remote.py is the remote controller file run on the CnC server. It appends commands to the web pages temporarily, until they are pulled by the VirtualSelf.py zombie file.

VirtualSelf.php

VirtualSelf.php is the file hosted on the CnC that sets up a PHP POST API protected by basic authentication. Files are uploaded from the zombie to this endpoint and saved on the web server in a publicly inaccessible directory.

The current VirtualSelf.php file contains functions specific to my website, but these can be removed and adapted easily to your use case.

You can download VirtualSelf with the source code here.