
How to make malware in 2019

Here we have all the resources on one page that will help you to create malware. The how-to-make-malware tutorials are straightforward and have been written by professionals who work daily with malware samples. Be prepared to get in touch with various programming languages, code editors, malware families and security tools.

What is malware

When we talk about malware, it is important to agree that we are discussing software which has been designed to allow unauthorized access to, damage or disrupt systems that make use of software. This literally means that anything around you that is powered and runs software can be vulnerable to malware.

GitHub is your malware friend

When it comes to finding source code, proof-of-concepts, full botnets, malware samples and research papers, GitHub is the first place to search. GitHub is a massive library of public projects, and these can be literally anything.

Why you should use GitHub for your research:

  • It is free
  • You can search in various programming languages
  • You can view code
  • You can find awesome repositories

History of malware

Below is a small timeline view. In the last 40 years there have been various types of malware families. It is strongly recommended to take a look at our malware knowledge page, where we have one-pagers on malware families.

  • Elk Cloner – 1982
  • Macros – 1990
  • Instant Messaging Worms – 2002
  • Adware – 2005
  • Rogue advertisement – 2009
  • Ransomware – 2013

Sandbox environments

Once you have built your proof-of-concept malware, it is important to test it. This can be done in multiple ways, and the best way is to make use of a sandbox environment. We recommend setting up your own private sandbox environment, as this will guarantee better results, but there are also public sandbox environments that you can use directly to test your new malware sample.

Create your own Sandbox environment

Public Sandbox environments

Reasons why you should have a private Sandbox system

The public sandbox environments work just fine, but there are limitations. For malware to run, the system has to meet the correct requirements; this can be as simple as the target machine having to be Windows 10, or a Linux environment. The current public sandbox environments do not allow you to decide which software is installed on the target machine. In your own sandbox environment, you are in full control of things like that.

Some more reasons

  • Install your own tools
  • Install the software you want to use in your research environment
  • You can use hardware-based systems instead of virtual machines
  • The data you collect is yours
  • You can set up multiple environments and run them simultaneously
  • Capture errors and debug

Cyber Kill Chain

Before you start writing your malware, it is important to have a plan, and this is where the cyber kill chain comes in as a guide. It is up to you which steps you want to take in your proof-of-concept malware campaign, and it also depends on how you have designed your sandbox lab.

Programming languages

The number of programming languages available is insane, and it is up to you to decide which programming language you want to use.

To help you forward, we have listed some languages that you need to know about:

Think outside of the box

How to create malware in Python

We have created a nice list of sources that can help you forward in creating Python malware samples. The tutorials here have been handpicked and, if followed correctly, will give you a better understanding of how to create your own Python malware.

Malware Knowledge

It is important to keep your malware knowledge up to date. To help you with that, we have crafted the malware knowledge page, where we list malware knowledge that has been collected and shared by malware researchers.

Emotet Trojan

The Emotet Trojan is a polymorphic banking Trojan which was first seen in 2014. The Trojan is known for its capability to perform spam campaigns and for its powerful modules, which allow it to steal credentials, read out emails and perform lateral movement on networks.

TrickBot Trojan

The TrickBot Trojan is a banking Trojan that focuses on infecting Windows operating systems. TrickBot was developed in 2016 and is one of the recent banking Trojans inspired by the Dyreza banking Trojan. TrickBot is a persistent banking Trojan.

Malware frameworks

There are projects that provide complete frameworks; one that can be put to use quickly is the Metasploit framework. This framework contains all types of malware techniques and is included in the Kali Linux operating system. It is strongly recommended to take a look at the source code of the Metasploit payloads, as there is a lot you can learn from them.

MSFVenom Framework

We have listed all the MSFVenom payloads on one page. Take a look and start playing with MSFVenom.


Editors and Security Tools

If you are searching for the best malware editors and security tools, take a look at our best cyber security tools list, where we have listed the best programming editors and cyber security tools.