Yesterday, I made a project with Spotify and Twitter api, like the “now playing” feature in MSN.(here)
Then, while I was trying to sleep at night, ideas started colliding in my mind. ZzZzZz Can Spotify be used to store “malware & shellcode” and C2?
Obviously, the reason I show this technique is to raise awareness of this before the new generation threats can use similar techniques in the future.
What We Do
Let’s explain the technique.
What I’m doing is basically setting up a structure where I can extract the data from the song titles.
For this, I first encode the data with Base32. (It’s not base64 because there are no songs that start or contain + – characters)
Then I create a playlist by searching the characters of the encoded data I created on Spotify and selecting the track whose first character is this.
So far, we have placed the file & shellcode in a playlist.
Then we can proceed in the reverse way and extract and use the data we have stored.
- A playlist on Spotify can contain a maximum of 10000 songs therefore you cannot store large payloads
Using Spotify as C2