Password-stealing malware targeting Windows and Linux spotted on GitHub
A piece of malware of unknown potential that steals WiFi passwords from Windows and Linux computers has been spotted on GitHub.
The malware, which has been there since at least 26 September 2023, is said to be an injection tool capable of exfiltrating stored WiFi data (SSID and password) from Windows and Linux devices.
The creator of the malware also wrote out in detail the steps for others to re-create it and use it to steal information.
How it works
In a detailed description, the owner of the malware said that all that is needed to create one is a pico-ducky and a modified payload (adjusted for your SMTP details for the Windows exploit and/or adjusted for the Linux password and a USB drive name) loaded onto the RPi Pico.
Once connected to a host machine, the injection tool executes malicious commands by running code that mimics keystrokes entered by a user.

The payload uses the STRING command to process injection keystrokes. It accepts one or more alphanumeric/punctuation characters and types the remainder of the line exactly as-is into the target machine. The ENTER and SPACE commands simulate a press of the corresponding keyboard keys.
Though it looks like a USB drive, the tool acts like a keyboard that types in a preprogrammed payload. Once created, anyone with physical access can deploy this payload with ease.
For Windows, once the passwords have been exported to the .txt file, the payload sends the data to the appointed email address using Yahoo SMTP.
For Linux, however, a jumper wire between GND and GPIO5 is required in order to comply with the code to send the data.
Precautions to take
Although there’s a disclaimer that the information is for security research purposes only, its use by malicious actors cannot be ruled out, hence the need for caution.
Fortunately, certain conditions must be met, including physical access to the victim’s unlocked computer, internet access on the computer, and knowledge of the victim’s computer password for the Linux exploit.
Therefore, watching your computer all the time and disconnecting it from the internet when not in use are simple measures that can keep people safe from the malware.
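Because the tool types a preprogrammed payload rather than being typed on by a person, one detection angle is keystroke timing. The sketch below is an added example, not code from the article or from the GitHub project; the thresholds, function names and sample events are assumptions, and it only catches input that arrives with near-zero gaps between keys.

```python
"""Flag keystroke runs typed faster than a person plausibly can (added example)."""

# Assumed thresholds, not taken from the article: tune against real typing data.
MAX_GAP_MS = 20      # inter-key gap treated as machine speed
MIN_RUN = 8          # consecutive fast keys needed before flagging


def find_injection_runs(events, max_gap_ms=MAX_GAP_MS, min_run=MIN_RUN):
    """events: list of (timestamp_ms, key) in arrival order.

    Returns a list of (start_index, end_index, text) for each run of at
    least min_run keys whose gaps are all <= max_gap_ms.
    """
    runs = []
    start = 0
    for i in range(1, len(events) + 1):
        # A run ends at the end of input or when the gap is human-scale.
        ended = i == len(events) or events[i][0] - events[i - 1][0] > max_gap_ms
        if ended:
            if i - start >= min_run:
                text = "".join(key for _, key in events[start:i])
                runs.append((start, i - 1, text))
            start = i
    return runs


def constructed_events():
    """Constructed sample: a person types 'ls', then a device types a line."""
    events = [(0, "l"), (180, "s"), (420, "\n")]           # human-scale gaps
    t = 3000
    for ch in "echo constructed-sample\n":                  # 5 ms between keys
        events.append((t, ch))
        t += 5
    events += [(t + 900, "p"), (t + 1050, "w"), (t + 1230, "d")]  # human again
    return events


if __name__ == "__main__":
    for start, end, text in find_injection_runs(constructed_events()):
        print(f"keys {start}-{end} arrived at machine speed: {text!r}")
```

In practice the event list would come from an input-event source on the host, and a flagged run would be a reason to lock the session or block the newly attached keyboard device.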