This project is an example of implementing a phishing attack using two approaches: generating malicious HTA files and the Paste-Jacking method.
HTA option:
When this option is selected, a malicious HTA file is generated, which is aimed at downloading and executing the final script on the target's computer.
The logic of operation is quite simple: the generated HTA file imitates a CAPTCHA verification page.
After opening the document, the user is asked to pass the verification, which in fact launches the execution of malicious code.
Paste-Jacking:
When this option is selected, an HTML document is created containing the phishing code by replacing the contents of the clipboard.
The generated document visually resembles the verification page for the "Robot".
When the user clicks the verification button, the malicious script is automatically copied to the clipboard.
Then the user is prompted under various pretexts to open a command prompt window (for example, using a keyboard shortcut) and paste the contents of the clipboard, thereby launching the execution of malicious code.
The project demonstrates the key aspects of constructing attacks of this kind and their operating scenarios. Please note that this example is intended solely for educational purposes and to raise awareness of potential information security threats.
0108_77iWlJn7.mp4
To run this script, you need to install the following Python library:
# install lib
pip install richThis project is for educational purposes only, intended for studying malware and security techniques. The author is not responsible for any malicious use of this software.
- Author: @K3rnel-Dev