Jaith Vindinu

BRANDING - RAVEN STUDIO

SpySnake: Silent Data Harvester

Overview

This Python script is a piece of spyware disguised as a simple Snake game. While the user plays the game, the script secretly records video from the user’s webcam and uploads the captured video to a specified Google Drive account. This malicious activity occurs without the user’s knowledge or consent.

Imports and Initialization

The script begins by importing the libraries it relies on. It uses pygame and random for the game itself, cv2 (OpenCV) for video capture and processing, and the standard Python libraries os, json, threading, and time for file operations, JSON parsing, threading, and timing. It also imports Google Drive API components (google.oauth2.credentials, googleapiclient.discovery, googleapiclient.http) for authentication and file upload. The schedule library is imported as well, although the script never actually uses it.

Initialization

In the __init__ method of the SnakeGame class, the script initializes pygame, sets up game parameters such as colors, display dimensions, and the initial game state, and configures the Pygame display with fixed width and height. Notably, the script embeds hardcoded Google Drive credentials in JSON form, including access_token, client_id, client_secret, refresh_token, and the other fields the OAuth flow requires. These credentials are parsed and used to build an authenticated Google Drive API client, so the script can talk to Google Drive services directly.

Snake Game Functions

The SnakeGame class defines several methods essential for the game’s functionality:

  • our_snake(self, snake_block, snake_list): Draws the snake on the game screen based on its current position.
  • message(self, msg, color): Displays messages on the game screen, facilitating user interaction and feedback.
  • upload_to_drive(self, filename): Manages the process of uploading specified files, such as video recordings, to Google Drive. Upon successful upload, it deletes the local copy of the file to maintain stealth.
  • delete_file(self, filename): Handles the deletion of specified files from the local system, ensuring no traces of the recorded data remain after uploading.

Malicious Activity

The script carries out its covert activity under the guise of a harmless Snake game. During gameplay, it quietly captures video from the user’s webcam using OpenCV (cv2.VideoCapture(0)) and continuously writes the frames to an output file (output.mp4). When the game ends or is terminated, the script starts an upload to Google Drive using the previously authenticated credentials: the upload_to_drive method transfers the captured video file to that remote storage, and the delete_file method is then invoked to remove the local copy, erasing the on-disk trace of the recording and preserving the malware’s covert nature.
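The capture, upload, and delete chain described above is also what a defender can look for when triaging a suspicious Python file. The following static scanner is an added example, not part of the original writeup or of the script it analyzes; it walks a Python AST for the indicator calls the analysis names (cv2.VideoCapture, MediaFileUpload, os.remove) and for OAuth fields embedded as string literals. The SUSPECT_SOURCE sample is constructed for this illustration and is a non-functional skeleton, not the original script.

```python
import ast
# Constructed sample in the shape the writeup describes: webcam capture,
# upload via the Drive API with hardcoded OAuth material, then local deletion.
SUSPECT_SOURCE = '''
import cv2, os, json
from googleapiclient.http import MediaFileUpload
CREDS = json.loads('{"refresh_token": "REDACTED", "client_secret": "REDACTED"}')
cap = cv2.VideoCapture(0)
def upload_to_drive(filename):
    media = MediaFileUpload(filename)
    os.remove(filename)
'''

# Dotted call names that make up the capture -> upload -> delete chain.
INDICATORS = {
    "webcam_capture": {"cv2.VideoCapture"},
    "cloud_upload": {"MediaFileUpload", "googleapiclient.http.MediaFileUpload"},
    "local_deletion": {"os.remove", "os.unlink"},
}
# OAuth fields that should never appear in source as literals.
SECRET_KEYS = ("refresh_token", "client_secret", "access_token")
def _call_name(node):
    # Rebuild the dotted name of a Call target, e.g. 'cv2.VideoCapture'.
    func, parts = node.func, []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))
def scan_source(source):
    # Return {indicator: {"name@Lline", ...}} for one Python source text.
    hits = {label: set() for label in (*INDICATORS, "hardcoded_oauth")}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            for label, names in INDICATORS.items():
                if name in names:
                    hits[label].add(f"{name}@L{node.lineno}")
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            # Catches both dict keys and keys inside an embedded JSON string.
            for key in SECRET_KEYS:
                if node.value == key or f'"{key}"' in node.value:
                    hits["hardcoded_oauth"].add(f"{key}@L{node.lineno}")
    return hits
def verdict(hits):
    # The full chain is the SpySnake pattern; capture plus upload alone still merits review.
    if all(hits[k] for k in ("webcam_capture", "cloud_upload", "local_deletion")):
        return "suspicious: capture -> upload -> delete chain"
    if hits["webcam_capture"] and hits["cloud_upload"]:
        return "review: webcam capture with cloud upload"
    return "no indicators"
```

Running `verdict(scan_source(SUSPECT_SOURCE))` on the constructed sample flags the full chain; a plain game source with only pygame and random calls returns "no indicators".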

Disguised as a Game

The script’s primary deception lies in its disguise as a classic Snake game, a familiar and unsuspicious application that users willingly run. By presenting itself as an innocuous game, it lowers the chance that the user becomes suspicious or investigates. Users are unlikely to realize that, while they appear to be simply playing, the script is recording them and exfiltrating the video to external storage (the hardcoded Google Drive account), enabling unauthorized surveillance and data collection.