
Gopher

A PoC OS X ransomware

(c) fG! 2015. All rights reserved

[email protected] - https://reverse.put.as

This is a very small OS X ransomware proof of concept built on the libsodium (https://github.com/jedisct1/libsodium) crypto library.

It shows how simple it is to build a robust version of such an annoying threat in a few lines of C plus an external crypto library. To my knowledge Apple's crypto libraries have some limitations for what I wanted to achieve with this PoC design, and OpenSSL is deprecated in OS X. Honestly, using libsodium is a matter of personal choice, since it is a great and easy-to-use crypto library.

The design principle is that there exists a master public/private encryption key pair which is controlled by the ransomware operator. The ransomware binary carries only the public key and uses it to encrypt a session key that is generated on each target; the files themselves are encrypted with that session key. In theory a victim would have to send the encrypted session key to the operator to have it decrypted. This makes it impossible to recover the files without access to the master private key. I always had trouble understanding how files from some ransomware could be recovered, when it is rather easy to make recovery near impossible without complicating the logistics too much.

The file selection "algorithm" is extremely basic. It only searches for .docx files in the ~/Documents folder. Something much better could be built on top of the OS X Spotlight feature and/or libmagic, but that is definitely not the goal of this PoC.
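Because the PoC encrypts documents in place under ~/Documents, the most direct defensive check is to look for documents whose bytes no longer match what their extension promises. The following scanner is an added example, not code from the gopher project: it starts from the README's own scope (.docx under a documents folder) and widens it to a few other document types. The subtlety it handles is that .docx and .xlsx are ZIP containers, so byte entropy alone would flag every healthy Office file; instead it checks the container header for types that have one and falls back to an entropy cutoff only for headerless text formats. The thresholds, extension lists and the sample files it builds are all constructed for this example.

```python
"""Defensive check: spot documents that look as if they were encrypted in place.

Added example, not part of the gopher project. The README says the PoC only
walks ~/Documents for .docx files, so this scanner starts from that scope and
widens it a little. A file is flagged when its declared type no longer matches
its header bytes, or, for types with no fixed header, when its byte entropy is
close to that of random data. Thresholds and fixtures are constructed here.
"""
import math
import os
import tempfile
import zipfile
from collections import Counter
from pathlib import Path

# Expected leading bytes per extension. .docx/.xlsx are ZIP containers, so an
# entropy test alone would flag legitimate ones; the header check avoids that.
KNOWN_MAGIC = {
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".pdf": b"%PDF",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
}
HEADERLESS_TEXT = {".txt", ".md", ".csv"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; constructed cutoff, random data is ~7.95
SAMPLE_BYTES = 8192       # how much of each file is examined


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def assess_file(path: Path) -> dict:
    """Return a verdict for one file: suspicious flag, entropy and the reason."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    ext = path.suffix.lower()
    entropy = shannon_entropy(head)
    if ext in KNOWN_MAGIC:
        if not head.startswith(KNOWN_MAGIC[ext]):
            return {"path": path, "suspicious": True, "entropy": entropy,
                    "reason": f"header does not match the {ext} container format"}
        return {"path": path, "suspicious": False, "entropy": entropy,
                "reason": "header ok"}
    if ext in HEADERLESS_TEXT and entropy > ENTROPY_THRESHOLD:
        return {"path": path, "suspicious": True, "entropy": entropy,
                "reason": "text file with random-looking content"}
    return {"path": path, "suspicious": False, "entropy": entropy,
            "reason": "unremarkable"}


def scan_directory(root: Path) -> tuple[list[Path], int]:
    """Walk root recursively; return the flagged paths and how many documents were examined."""
    flagged, examined = [], 0
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        ext = path.suffix.lower()
        if ext not in KNOWN_MAGIC and ext not in HEADERLESS_TEXT:
            continue
        examined += 1
        if assess_file(path)["suspicious"]:
            flagged.append(path)
    return flagged, examined


def build_sample_tree(root: Path) -> None:
    """Constructed fixtures: two intact documents, one plaintext note, two overwritten files."""
    with zipfile.ZipFile(root / "report.docx", "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document>quarterly numbers</w:document>")
    (root / "invoice.pdf").write_bytes(b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n")
    (root / "notes.txt").write_text("meeting at ten, bring the printed agenda\n" * 40)
    # What an in-place encryptor leaves behind: same name, random-looking body.
    (root / "thesis.docx").write_bytes(os.urandom(SAMPLE_BYTES))
    (root / "todo.txt").write_bytes(os.urandom(SAMPLE_BYTES))


def demo() -> list[str]:
    """Build the fixtures in a temporary directory and return the flagged file names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        flagged, examined = scan_directory(root)
        print(f"{len(flagged)} of {examined} documents look encrypted in place")
        return sorted(p.name for p in flagged)


if __name__ == "__main__":
    print(demo())
```

Run as a script it prints `['thesis.docx', 'todo.txt']`: the healthy ZIP-based .docx and the PDF pass on their headers despite the .docx's high entropy, the plaintext note sits far below the cutoff, and the two overwritten files are the only ones flagged. The ratio of flagged to examined files is the number worth alerting on, since a single corrupt file is ordinary while dozens changing at once is the pattern the PoC produces.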

You will need to compile it yourself and either add the libsodium static library to the project or link against a dynamic version. I haven't included the library in the project, only its header files (you might need to revise those for any incompatibilities that arise with newer libsodium versions).

Code provided as is; it used to work the last time I tested it ;-)

Its goal is to demonstrate that there are really no special barriers in OS X against crypto ransomware. This menace hasn't arrived on OS X purely because of laziness on the part of malware authors and because of scale, since it should be orders of magnitude more profitable against Windows targets. The code doesn't really contain any OS X specifics other than Foundation methods to easily iterate over files. Adding Spotlight search would make it easier and faster to locate documents and other files to encrypt.

Enjoy,

fG!
