Thursday, January 23, 2020

How to deliver a trojan to the victim's computer using a fake campaign

This method of hacking will be successful or not depending on how creative you are at creating a fake campaign while making it look legit as if it came from the real source. Read on to learn how to create a fake campaign and hide a trojan inside an ISO file in order to trick the user into running the trojan. 

An ISO file which is often called an image file is a well-known archive file of an optical disk such as CD or DVD. ISO files usually contain an exact copy of whatever is contained on the CD/DVD. This method is often used because people can easily distribute files contains on a CD/DVD they own. If you are running Windows 8 or Windows 10, you will notice that when you double click on the ISO file, the operating system will automatically mount the ISO file and open it in a file explorer for you to see all of the files inside the ISO image.  

A lot of hackers has been abusing ISO archive file in order to deliver malware to their victim and the best part about using this method to deliver trojan is that it can evade a lot of antivirus software. Read on to learn how to hide a trojan inside an ISO image file. 

Tools you will need:
  • Power ISO which can be download here
  • An ISO image file, which you can easily create by using Power ISO to rip a CD/DVD
  • Any Remote Access Trojan (RATs) software. (I recommend NanoCore)
1. Start your favorite RAT program and generate a trojan. For this example, I will use NanoCore

2. Configure your router so that the trojan can connect back to your attack machine after it is executed by the victim by opening the required port.

3. Run Power ISO

4. Click the "Open" button on the toolbar or choose the "File > Open" menu to open an existing iso file. To edit iso file, you must open it with PowerISO first.

5. Double click on the ISO file to open it

6. Click on the Add button and locate your trojan

7. Select the files and folders you want to delete, then click on the "Delete" button on the toolbar to delete files and folders. The best way is just to delete everything except for the trojan.

8. Rename your trojan like I did above by right-clicking on it and choose rename and type in a new name

9. Click on the "Save" button on the toolbar, or choose the "File > Save" menu to save the iso file.

10. Now craft an email and pretend to be a legit company that you think the victim will fall for. See below for an example of how to craft a scam email that looks like it came from the real thing.

13. Now attach the ISO file to the email and send it to the victim. Most email antivirus will either ignore the scan or cannot detect the trojan because the file has an iso extension instead of .exe.

This type of scam email works on about 90 percent of the victims so if you tried this method most likely it will be a successful one. The best way to defend against this attack is to educate the user on never to open any attachment unless they can verify that it is from a legitimate source.


Post a Comment