hijack-test 1.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 25166e5840bbf6923a4336e08fb05edc43c0e7cc64d5c3b0a179ba6f8520b131
+  data.tar.gz: f82b2878b8d534e22e08e522b033120a1e3e88124b3b7b3bb25940d1eb6d573c
+SHA512:
+  metadata.gz: f057ff9e8fe49b325d8504b54357718edbacfa69d3fbaa133bc5e24a48efb37bd750ce8cb42449c681ff61fc72037477a5b157f433dd4cf1e17d48f5c702d8ce
+  data.tar.gz: 48433420947b81516a30ae9f3224e4e8ab6e25f90c03f2eb2048828289bfe42dcf799737b6105b59fc97a7966cdca7d1dbd02be0104f35a0f808a156a3d88acd

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at royalunited@protonmail.ch. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [https://contributor-covenant.org/version/1/4][version]
+
+[homepage]: https://contributor-covenant.org
+[version]: https://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,5 @@
+source 'https://rubygems.org'
+
+#gemspec
+
+gem 'clipboard'

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 linuxander
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,99 @@
+*This gem is update of CLIT, but name is taken and I chose this one to make it more clear what it to*
+
+# Introduction to Clipboard Hijack Tester
+
+Clipboard is always a good resource to steal data. Passwords and bank accounts were targeted in past,
+and cryptocurrencies in last few years. This is hard to determine since there's no server
+for communication, it doesn't care about your files, it's only purpose is to wait for you to copy
+BTC address to make a payment, to steal your coins. To keep us all safer, I've created `hijack-test gem`.
+
+---
+# How to Run
+
+Clone repository and run bin/setup to install dependencies:
+
+```
+git clone https://www.github.com/cybersecrs/hijack-test && cd hijack-test && bin/setup
+```  
+
+This will download source of hijack-test and install:
+
+ * notify-send
+ * spd-say
+ * gem 'clipboard'  
+
+If you have notify-send and spd-say, you can run:
+
+```
+bundle install
+or
+gem install clipboard
+```  
+
+To install gem locally run:
+
+```
+gem install hijack-test
+```  
+
+This is not recommended way to install, until I create list of addresses to use, not just one
+
+**Edit patterns for more security. Maybe someone put this address to avoid hijack-test.**
+
+Open lib/hijack-test.rb and edit lines:
+
+```
+BTC   = 'change btc address here'
+EMAIL = 'change email address here'
+```  
+
+Execute once
+
+```
+ruby bin/hit
+```  
+
+Execute every "n" seconds (default 1 hour):
+
+```
+ruby bin/hit -s
+or
+ruby bin/hit --start
+```  
+
+To change sleep time, edit number of seconds in *bin/hit* on line 11:
+
+```
+sleep(3600)
+```  
+
+
+---
+# How Clipboard Hijacker Work?
+
+There are many ways to create malware that steal or change clipboard data, and all of them use
+different techniques to manipulate system clipboard api. Earlier this year [Ruby Gems Website](https://rubygems.org)
+was filled with fake gems that include clipboard hijacker. It was found in 720 *ruby gems,* and malware targeted
+windows users only. It monitor users clipboard, and if it recognize string similar to BTC address,
+it change your clipboard data to one of many addresses from the list (recognition in this malware is based
+on regex). Hopefully, it's removed after two days and nobody lost their money. But that's for 2020 only,
+because [Ruby Gem's](https://rubygems.org) was under the same attack 2018 and 2019. They also think the
+attack was performed by same people.
+  
+[Check 'CLISTER' repository for proof of concept how hijackers work](https://www.github.com/cybersecrs/clister)
+>This script use `CryptoAddress Gem` to determine if clipboard data is valid address. If address is valid,
+>it's changed with one you defined.  
+
+---
+## How To Protect?
+        
+Get software that check your clipboard for changes when bitcoin address is copied.
+I didn't found one, so I've created [Hijack-Test](https://www.github.com/cybersecrs/hijack-test).
+This is in early development stage, but do it's job and test your device for Bitcoin address and E-mail address patterns.
+If copied and pasted addresses are not same, you'll receive alarm with sound and visual notification, and error in terminal window.
+
+---
+## Contribution
+
+If you like this gem, feel free to share it with your friends, so more people can use it.
+[cybersecrs.github.io](https://cybersecrs.github.io)

data/bin/hit

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require_relative '../lib/hijack-test.rb'
+
+  system("clear")
+  puts "Testing device on clipboard hijackers..."
+
+  unless ARGV[0] == '-s' || ARGV[0] == '--start'
+    HijackTest.new(1).start
+  else
+    while true do HijackTest.new(1).start; sleep(3600); system("clear") end
+  end
+

data/hijack-test.gemspec

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+Gem::Specification.new do |s|
+  s.name        = 'hijack-test'
+  s.version     = '1.0.2'
+  s.summary     = 'Clipboard Hijack Test'
+  s.description = <<~DESC
+    Hijack-Test check your device on clipboard hijackers.  
+    Prevent loosing Bitcoins and test your device.
+  DESC
+  s.authors     = ['Linuxander']
+  s.files       = ['lib/hijack-test.rb']
+  s.homepage    = 'https://cybersecrs.github.io/projects/hijack-test'
+  s.license     = 'GPL-3.0-only'
+
+  s.metadata['homepage_uri']    = 'https://cybersecrs.github.io/project/hijack-test'
+  s.metadata['source_code_uri'] = 'https://www.github.com/cybersecrs/hijack-test'
+  s.metadata['bug_tracker_uri'] = 'https://www.github.com/cybersecrs/hijack-test/issues'
+
+  s.bindir        = ['bin']
+  s.executables   = ['hit']
+  s.require_paths = ['lib']
+
+  s.files = ['bin/hit', 'lib/hijack-test.rb', 'LICENSE', 'README.md', 'hijack-test.gemspec', 'Gemfile', 'CODE_OF_CONDUCT.md']
+
+  s.add_runtime_dependency 'clipboard'
+
+  s.add_development_dependency 'bundler'
+  s.add_development_dependency 'rake'
+end

data/lib/hijack-test.rb

@@ -0,0 +1,101 @@
+#!/usr/bin/env ruby
+
+#================================================================================#
+#     Clipboard Hijack Tester - Keep Your Bitcoins Safe - @cybersecrs            #
+#================================================================================#
+
+
+require 'clipboard'
+
+
+class HijackTest
+
+
+#  Define Bitcoin and E-mail address
+
+  BTC   = "3AcLS7dgqVM1msDoaxzynNh4jRwmnQhcQ9"
+  EMAIL = "hijack@test.net"
+
+
+#  Define time to sleep between clipboard checking
+
+  def initialize(sleep_time)
+    @sleep = sleep_time.to_f
+  end
+
+
+#  Alarm for infected clipboard
+
+  def alarm
+    puts   "\nYOUR DEVICE IS INFECTED WITH CLIPBOARD HIJACKER !"
+    system("notify-send -u critical 'YOUR DEVICE IS INFECTED WITH CLIPBOARD HIJACKER !'")
+    system("spd-say 'Your device is infected with clipboard hijacker!'")
+  end
+
+
+#  Define copy
+
+  def copy(str)
+    Clipboard.copy(str)
+  end
+
+
+#  Define paste
+
+  def paste
+    Clipboard.paste
+  end
+
+
+#  Clear Clipboard
+
+  def clear
+    Clipboard.clear
+  end
+
+
+#  Test clipboard with bitcoin address
+ 
+  def test_btc
+    a = copy(@btc)
+    sleep(@sleep)
+    b = paste
+    clear
+    unless a == b
+      alarm; puts "Bitcoin address changed in clipboard!\n\n"
+    else
+      puts "Bitcoin pattern - test passed"
+    end
+  end
+
+
+#  Test clipboard with e-mail
+ 
+  def test_email
+    a = copy(@email)
+    sleep(@sleep)
+    b = paste
+    clear
+    unless a == b
+      alarm; puts "E-mail address changed in clipboard!\n\n"
+    else
+      puts "E-mail pattern - test passed"
+    end
+  end
+
+
+#  Define time to wait between testing clipboard
+
+  def wait!
+    sleep(@sleep)
+  end
+
+
+#  Test clipboard for different types
+
+  def start
+    test_btc
+    test_email
+  end
+
+end    # END OF CLASS

metadata

@@ -0,0 +1,97 @@
+--- !ruby/object:Gem::Specification
+name: hijack-test
+version: !ruby/object:Gem::Version
+  version: 1.0.2
+platform: ruby
+authors:
+- Linuxander
+autorequire: 
+bindir:
+- bin
+cert_chain: []
+date: 2020-10-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: clipboard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: "Hijack-Test check your device on clipboard hijackers.  \nPrevent loosing
+  Bitcoins and test your device.\n"
+email: 
+executables:
+- hit
+extensions: []
+extra_rdoc_files: []
+files:
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE
+- README.md
+- bin/hit
+- hijack-test.gemspec
+- lib/hijack-test.rb
+homepage: https://cybersecrs.github.io/projects/hijack-test
+licenses:
+- GPL-3.0-only
+metadata:
+  homepage_uri: https://cybersecrs.github.io/project/hijack-test
+  source_code_uri: https://www.github.com/cybersecrs/hijack-test
+  bug_tracker_uri: https://www.github.com/cybersecrs/hijack-test/issues
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.4
+signing_key: 
+specification_version: 4
+summary: Clipboard Hijack Test
+test_files: []