Sunday, 6 November 2016

GSMRaider - PoC of Malware with C&C GSM (SMS)

Hi all,

Today I am writing an article to present a proof of concept that I made last week.

The goal of the Proof of Concept was to write a Shell type of backdoor that would communicate with the attacker by GSM message (SMS).

I'll skip the steps related to the code; they are available in two YouTube videos (with an awesome sound from Mr Robot):

One : https://www.youtube.com/watch?v=Cv-SA9nZjiQ
Two : https://www.youtube.com/watch?v=g3FS64_wW6U

I decided to split the malware into stages. In the first part, the malware updates a cron task with a simple ping to call and run the process.

If the malware has already started, the process closes; otherwise the malware gets a random IP from a fresh proxy list over the internet and starts one login.

If it is the first login, it sends a text message with some server information.

Then the malware enters part 2 and creates two files (honeypot); if one of the files has been updated, it is removed.

Now the malware listens on the SMS gate.

For the moment I have created only two commands: one only executes a system command, the second sends the content of a file through the SMS gate.

Sample with the first command (System LS):

For the second command, it waits for a filename to get the content from.

Next, it sends the file content to a website (like pastebin.com) and we get the paste ID.

Now it sends the website name and the paste ID through the SMS gate.

Friday, 4 November 2016

FSociety ransomware S1E2-3

Hi people,

Last week I wrote a small ransomware program like "FSociety".

Mr Robot S1E2-3:

For this project I used the C++ language with Curl and the Crypto++ library for AES encryption.

After it runs, this malware can list all files with an extension listed in an array and encrypt all of them with a unique key per encryption. The unique key is then deleted (in the movie Mr Robot the key is not saved).

After the encryption ends, we can see a website with the same look:

One part of the source code is open-sourced on my GitHub (but it encrypts only .txt).

This project is just a wink to the Mr Robot series.