Developing Location Based Malware
This is a simple POC based on an earlier piece of malware that I developed for Mac OSX. It would allow the malware to only infect systems based on their country of origin. To do this I used to csv and urllib libraries for Python. Anyway on to the POC.
Source Code (POC)
#depreciated however this allows for you to do your own ip automatically (usefull for a trojan type program).
whatismyip = ‘http://automation.whatismyip.com/n09230945.asp’
wanip = urllib.urlopen(whatismyip).readlines()
#Does IP Geolocation requests based on the freegeoip service, it’s limited to 1000 per an hour thankfully for malware this won’t be an issue.
freegeoiprequest = ‘http://freegeoip.net/csv/’ + wanip
urllib.urlretrieve(freegeoiprequest, wanip + ‘.csv’)
spamReader = csv.reader(open( wanip + ‘.csv’, ‘rb’))
for row in spamReader:
CountryCode = row
if CountryCode == “GB”:
print “Hack me I’m British!”
If you have any simpler or cleaner ways to preform the same action feel free to let me know. If your interested in contacting me feel free to leave a comment or e-mail me at firstname.lastname@example.org.