AutoHotKey Malware – The New AutoIT - DefCamp - 2018

Explore the world of AutoHotKey malware in this DefCamp 2018 conference talk. Delve into the evolution of malicious scripting, comparing AutoHotKey to AutoIT and examining its rising popularity among cybercriminals. Learn about unpacking techniques, encoding methods, and exfiltration strategies employed in AutoHotKey-based attacks. Discover how these malicious scripts operate, including clipboard manipulation and Steam account theft. Analyze detection rates, investigate simple malware examples, and understand the attacker's operational methods. Gain insights into effective malware concealment tactics and explore the transition from Ducky scripts to AutoHotKey. Discuss countermeasures, including public exposure of malicious actors and implementation of security rules. Conclude with a Q&A session addressing AutoHotKey's position in the current threat landscape.

Intro
Welcome
Who am I
Selfpromotion
CounterStrike
AutoHotKey Malware
AutoHotKey Unpacking
Encoding
How it works
Exfiltration
Detection Rates
Simple Malware
ClipBanker
Steam
Stealing Steam
Who is this guy
Best place to stall malware
His Operation
File Sharing
Conclusion
Questions
AutoHotKey vs AutoIT
Back in the day
Ducky script to AutoHotKey
Gimp your tool
Public shaming
Rules
DNX Filter
Detection Rate