EvilOSX is an open source Remote Administration Tool (RAT) for macOS/OSX that was published on GitHub in 2018. It is written in Python, and according to the developer, the motivation behind it was use with a "Rubber Ducky": a USB device, mostly used by hackers, that injects keystrokes into the computer it is connected to and thereby bypasses the need to enter credentials on the login screen.


Since it is open source, it may be used by anyone, including for purposes other than the one it was mainly created for. Some of the actions it can perform on the system include:

- Steal passwords from Chrome
- Steal iCloud tokens and contacts
- Collect browser history
- Record the microphone
- Take screenshots or pictures with the webcam

The full capabilities list is below:


On the server side (C&C), EvilOSX shows the list of bots and the commands available to run remotely on each of them:



Links:


Samples:
e4d7bce2a6900424e62bfc9a871382b56aaa510a