A way to send the informations catched by e-mail

[mumumuumu]

You may want to send the informations catched by the spyware to somewhere else so i made this update who introduces functionality for sending emails with attachments, specifically designed to work with Gmail accounts using environment variables for security. The script now supports sending multiple emails in sequence and includes error handling to ensure variables are properly configured. The changes also include the ability to alternate between two Google accounts for sending emails. This addition improves the utility of the SpyWare by allowing automated and secure email reporting.

[mauricelambert]

Please read the issue: #2 .

[mauricelambert]

Your code contains your email, that's very bad, is not configurable and your email leaks. You don't have any docstring and your code is not working, with multiples errors and problems:

• undefined variables
• some variables may be configurable but values are written in the code
• you don't use english language
• you leak your secret password on all compromised computers

[mauricelambert]

This pull request can't be merged, i close it.

[mumumuumu]

Hey man, thanks for the feedback, but I did not understand the issue with the leaked email. I think the only leaked email is the target email that I'm using (it's a fake one) i could also change the target e-mail to a environmet variable. My own email is set as an environment variable using an application-specific password from Gmail, which I configured on my own machine. Do you think I should change the attachment send path to something dynamic? Like automatically capturing screenshots from a directory?

Btw thanks for analysing it, im a beginner.

[mauricelambert]

Yes the leaked email is: arthur.balke1@gmail.com

[mauricelambert]

Environment variables are very good for tests. On some production machine there are tokens or secrets in the environment variable, i think is not good because the environment variable can be read from other process when other process have the permissions. In your case the environment variables contain your password on a victim machine, if the spyware is detected by antimalware software, analysts will analyze the process and the memory and steal your password... I think you should never use real account (like gmail, gmail can leak multiple information about you when other people have access to the account, like IP address or other account linked to the gmail email address) in malware. You should use fake credentials to send payload to your custom server and your (secure) server can send a mail with a gmail account.

[mumumuumu]

I understand, thanks for the feedback again, i will try to improve this part of the code with that in mind, Im sure i will learn a lot!