POC Malware - Part 3
by ogmini
Yesterday I posted about the plan to release GaslitPad next week and some of the future capabilities I wanted to implement. I ended up adding the “inverted” attack which I’m now calling the “Sleep Attack”. So that will be available in the first release. Just a reminder, this POC Malware makes no attempts at obfuscation or hiding its actions.
There are now two attack options:
- Active Attack - This attack will only occur when Windows Notepad is open and the system idle timer hits a predefined amount. If a targeted file is being edited, a malicious change will be made to the text. Hopefully the victim will not notice the change and save the file.
- Sleep Attack - This attack will occur only when Windows Notepad isn’t open. If a targeted file is detected in the Tab State files and is currently Unsaved, a malicious change will be made to the text. Hopefully the victim will open Windows Notepad at a later time and save the file.
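Since the Sleep Attack edits Tab State files while Notepad is closed, a Tab State write by any process other than Notepad itself is a useful detection signal. The following is an added example, not GaslitPad's own code; it assumes the usual Windows 11 Notepad Tab State location (with a placeholder username) and runs over constructed EDR-style file-write events.

```python
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath

# Assumed location of Windows 11 Notepad's Tab State files; the username is a placeholder.
TABSTATE_DIR = PureWindowsPath(
    r"C:\Users\victim\AppData\Local\Packages"
    r"\Microsoft.WindowsNotepad_8wekyb3d8bbwe\LocalState\TabState"
)
NOTEPAD_IMAGE = "notepad.exe"


@dataclass(frozen=True)
class WriteEvent:
    """One file-write record as an EDR or Sysmon file event would report it."""
    ts: datetime
    path: str
    image: str  # image name of the writing process


def in_tabstate(path: str) -> bool:
    """True if the path lies inside the Tab State directory (Windows paths compare case-insensitively)."""
    return TABSTATE_DIR in PureWindowsPath(path).parents


def notepad_running_at(ts: datetime, windows) -> bool:
    """windows: (start, end) pairs for notepad.exe lifetimes; end=None means still running."""
    return any(start <= ts and (end is None or ts <= end) for start, end in windows)


def find_sleep_attacks(events, windows):
    """Tab State writes by a process other than Notepad, each paired with whether Notepad was running."""
    return [(e, notepad_running_at(e.ts, windows)) for e in events
            if in_tabstate(e.path) and e.image.lower() != NOTEPAD_IMAGE]


# Constructed sample data: one Notepad session, then a Tab State write after Notepad has closed.
NOTEPAD_WINDOWS = [(datetime(2024, 1, 1, 9, 0), datetime(2024, 1, 1, 9, 30))]
SAMPLE_EVENTS = [
    WriteEvent(datetime(2024, 1, 1, 9, 10), str(TABSTATE_DIR / "a1b2.bin"), "Notepad.exe"),
    WriteEvent(datetime(2024, 1, 1, 9, 12), r"C:\Users\victim\notes.txt", "Notepad.exe"),
    WriteEvent(datetime(2024, 1, 1, 10, 5), str(TABSTATE_DIR / "a1b2.bin"), "GaslitPad.exe"),
]

if __name__ == "__main__":
    for event, notepad_up in find_sleep_attacks(SAMPLE_EVENTS, NOTEPAD_WINDOWS):
        print(f"{event.ts} {event.image} wrote {event.path} (Notepad running: {notepad_up})")
```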
I still plan to implement more robust attack options and the ability to exfiltrate data from Windows Notepad. Additionally, the current POC Malware isn’t very smart and doesn’t detect if the malicious change has already been made.
I’m also having a little bit of a conundrum about not implementing any obfuscation or sneakiness. This might be a good learning opportunity to try and implement some of the tactics that actual malware uses. “Know your enemy” and all that.
tags: malware - GaslitPad