Introduction
Phishing attack remains one of the most effective and common cyber threats. The attack is majorly used to exploit human trust. This is achieved by manipulating individuals into performing actions such as sharing sensitive data and downloading malicious files. By utilizing social engineering, attackers are able to execute malwares that comprise systems. This report demonstrates how phishing can be carried out with focus on design of malware utilized to extract user information and then send the data to an external server through SFTP.
Background
The phishing in this case is disguised as what this report refers to a Free Movie Tickets campaign. In this case a victim received an email which appears to be from a legitimate source. The mail claims that the victim has won a free movie ticket. Additionally, the email includes an exe file which in this case referred to as Ticketmovie.exe along with a readme.txt file. The txt file claims that for the victim to claim a ticket they need to run the executable file (Briddick, Briggs & Nicholson 2024).
The background story is believed as movies streaming promotions are currently popular which makes the victim less suspicious. Once the executable file is run, it extracts important information like IP address, browser credentials, and system details. It then transmits the details to an STFP server without the knowledge of the victim, via a txt file in this case encrypted.txt as shown in the code shown below. One of the assumption for this project is that the client using a windows platform and are very likely to trust the promotion process.
The above code extracts basic system information like hostname, username, and IP address. It saves information to a file named info text file. It then uploads the file to an SFPT server. Once the victim clicks the executable file it runs in the background and silently transmitting and gathering data.
The python code above is specifically designed to perform phishing attack. In this case it imports various libraries like pysftp, socket, and IS. For system information extraction, the code utilizes the get_system_info function. Additionally, a save_info() file is created to save the gathered information into a text file (Jensen et al. 2017).
Figure 2 below shows the sample encrypted text file which carries the information, one which was sent to the SFTP server. The created SFTP server IP address is 192.168.100.18 as shown below.
Conclusion
This project report demonstrates how one can easily gather information from users without their knowledge. Even though the example utilized in this case is simple, it mainly showcases the important components of a phishing attack. One of the component is social engineering which requires user to trigger a program which results to gathering of information. This showcases that organizations need to remain vigilant and educating their users constantly on the common tactics utilized by attackers to gather information
Reference list
Briddick, C, Briggs, P & Nicholson, J 2024, ‘Using Breach and Attack Demonstrations to Explain Spear Phishing Attacks to Young Adults’, IFIP advances in information and communication technology, vol. 1, Springer Science+Business Media, no. 1, pp. 65–80.
Gutierrez, CN, Kim, T, Corte, RD, Avery, J, Goldwasser, D, Cinque, M & Bagchi, S 2018, ‘Learning from the Ones that Got Away: Detecting New Forms of Phishing Attacks’, IEEE Transactions on Dependable and Secure Computing, vol. 15, no. 6, pp. 988–1001.
