Using Spotify Playlists as Malware CDN(!) | C2Tify

Hi there

Yesterday, I made a project with the Spotify and Twitter APIs, like the “now playing” feature in MSN. (here)

Then, while I was trying to sleep at night, ideas started colliding in my mind. ZzZzZz Can Spotify be used to store “malware & shellcode” and C2?

Purpose

Obviously, the reason I show this technique is to raise awareness of it before the next generation of threats starts using similar techniques.

What We Do

Let’s explain the technique.

What I’m doing is basically setting up a structure where I can extract the data from the song titles in a playlist.

For this, I first encode the data with Base32. (It’s not Base64 because no song titles start with or contain the + – characters.)

Then I create a playlist: for each character of the encoded data, I search Spotify and select a track whose title starts with that character.

So far, we have placed the file & shellcode in a playlist.

Then we can proceed in the reverse direction: read the first character of each track title in order, decode the Base32 string, and use the data we have stored.

Here is a PoC Repo

Limits

  • A playlist on Spotify can contain a maximum of 10000 songs, so you cannot store large payloads (each track carries one Base32 symbol, i.e. 5 bits, so a full playlist holds roughly 6 KB)

What’s Next

Using Spotify as C2
