A phishing app that is written in applescript. It is small and works on macs, whose users often don’t worry about malware on their computers. This makes the app more effective, especially when disguised as a music file or photo.

Here’s what it does:

It checks for a remote command, then creates a hidden folder in the user’s Public folder.

It copies a duplicate app to the hidden folder and creates a Launch Agent (to make the app start on login).

It prompts the user to enter their password into a dialog box. If the user doesn’t enter it within 10 seconds, the script kills all user processes, making the user have to log out in order to use the computer.

If the password is entered correctly, the script copies the user’s username, password, date, WAN IP, and LAN IP to an encrypted text file in the hidden folder.

If the password is not entered correctly, it forces the user to try again.

It uploads this file to an FTP server.

It copies the user’s login keychain into the same folder and uploads it to the same FTP server

It sends an email to all of the user’s contacts’ emails with the app attached.

Test the script by doing the following:

If you don’t want your app to upload the text file and the keychain to an FTP server or send the email, you can just download “Ready To Use App” and unzip it.

If you do want to upload to an FTP server and/or send out the email, follow the steps below.