Slow and steady wins the race! 🏆
This commit is contained in:
parent
ef9edf2e0e
commit
dd6910914c
1 changed files with 18 additions and 15 deletions
33
main.py
33
main.py
|
@ -246,7 +246,7 @@ def kill_suspicious_processes():
|
||||||
# Scan files for malware as they launch and kill if potentially malicious.
|
# Scan files for malware as they launch and kill if potentially malicious.
|
||||||
for file_path in cmdline:
|
for file_path in cmdline:
|
||||||
if os.path.isfile(file_path):
|
if os.path.isfile(file_path):
|
||||||
if scan_for_malware(file_path) and proc_name not in bypassed_processes and proc_name.loiwer() != "csrss.exe" and proc_name.lower() != "ntoskrnl.exe":
|
if scan_for_malware(file_path) and proc_name not in bypassed_processes and proc_name.lower() != "csrss.exe" and proc_name.lower() != "ntoskrnl.exe":
|
||||||
print(f"Terminating potentially malicious process {proc.info['name']} (PID: {proc.info['pid']} NOW...")
|
print(f"Terminating potentially malicious process {proc.info['name']} (PID: {proc.info['pid']} NOW...")
|
||||||
proc.terminate()
|
proc.terminate()
|
||||||
proc.wait()
|
proc.wait()
|
||||||
|
@ -296,20 +296,23 @@ def monitor_browser(browser='chrome'):
|
||||||
raise ValueError("Unsupported browser!")
|
raise ValueError("Unsupported browser!")
|
||||||
|
|
||||||
while True:
|
while True:
|
||||||
logs = driver.get_log('performance')
|
try:
|
||||||
for entry in logs:
|
logs = driver.get_log('performance')
|
||||||
for url in monitored_urls:
|
for entry in logs:
|
||||||
if url in entry['message']:
|
for url in monitored_urls:
|
||||||
print(f'Alert: Potential cookie or token theft attempt detected on {url}!')
|
if url in entry['message']:
|
||||||
|
print(f'Alert: Potential cookie or token theft attempt detected on {url}!')
|
||||||
|
|
||||||
# Kill process involved in suspicious browser activity
|
# Kill process involved in suspicious browser activity
|
||||||
for proc in psutil.process_iter(['pid', 'name', 'connections']):
|
for proc in psutil.process_iter(['pid', 'name', 'connections']):
|
||||||
if any(url in conn.raddr for conn in proc.info['connections']):
|
if any(url in conn.raddr for conn in proc.info['connections']):
|
||||||
bypassed_processes = load_bypassed_processes()
|
bypassed_processes = load_bypassed_processes()
|
||||||
if proc.info['name'].lower() not in bypassed_processes:
|
if proc.info['name'].lower() not in bypassed_processes:
|
||||||
print(f'Alert: Killing suspicious process {proc.info["name"]} (PID: {proc.info["pid"]})')
|
print(f'Alert: Killing suspicious process {proc.info["name"]} (PID: {proc.info["pid"]})')
|
||||||
proc.terminate()
|
proc.terminate()
|
||||||
proc.wait()
|
proc.wait()
|
||||||
|
except (Exception) as e:
|
||||||
|
print(f"Exception while monitoring browser behavior - ${e}")
|
||||||
time.sleep(1)
|
time.sleep(1)
|
||||||
driver.quit()
|
driver.quit()
|
||||||
|
|
||||||
|
@ -338,7 +341,7 @@ def threadCounter():
|
||||||
while True:
|
while True:
|
||||||
previous_count = threading.active_count()
|
previous_count = threading.active_count()
|
||||||
print(f"Active AntiMalware Threads: {current_count}")
|
print(f"Active AntiMalware Threads: {current_count}")
|
||||||
if current_count < previous_count and previous_count - current_count > -1:
|
if current_count > previous_count and current_count - previous_count > -1:
|
||||||
print("WARNING: THREAD KILL DETECTED!")
|
print("WARNING: THREAD KILL DETECTED!")
|
||||||
time.sleep(3) # check for malware every second
|
time.sleep(3) # check for malware every second
|
||||||
current_count = threading.active_count()
|
current_count = threading.active_count()
|
||||||
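Review bot: In the `@@ -296,20 +296,23 @@ monitor_browser` hunk the new `try`/`except Exception` wraps the entire per-tick scan, so a single `psutil.NoSuchProcess` (process exited between enumeration and `terminate()`) or `AccessDenied` on a protected process aborts the `process_iter` loop and every remaining process is skipped until the next `time.sleep(1)` tick, which is exactly the gap a malicious process later in the enumeration order would slip through. The new log line also has a stray `$` from a JS-style template (`${e}`), so the message prints a literal dollar sign. I would narrow the handling to the per-process body and catch the psutil exceptions there with `continue`, keeping the outer broad catch only as a last-resort guard, and hoist `load_bypassed_processes()` out of the inner loop so the bypass list is not re-read for every process. I am assuming `proc.info['connections']` can be `None` for processes the monitor cannot inspect (psutil's documented behaviour for `process_iter(attrs=...)`, as far as I recall) — confirm before relying on the `or []` guard. `monitor_browser` begins before this hunk; `driver.quit()` after `while True:` is unreachable but that predates the commit.
```python
            # Kill process involved in suspicious browser activity
            bypassed_processes = load_bypassed_processes()
            for proc in psutil.process_iter(['pid', 'name', 'connections']):
                try:
                    conns = proc.info['connections'] or []
                    if not any(url in conn.raddr for conn in conns):
                        continue
                    if proc.info['name'].lower() in bypassed_processes:
                        continue
                    print(f'Alert: Killing suspicious process {proc.info["name"]} (PID: {proc.info["pid"]})')
                    proc.terminate()
                    proc.wait()
                except (psutil.NoSuchProcess, psutil.AccessDenied):
                    # Process vanished or is protected: skip it, keep scanning the rest.
                    continue
        except Exception as e:
            print(f"Exception while monitoring browser behavior - {e}")
        # … unchanged: time.sleep(1) …
```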
|
|