From isc.sans.edu
![](https://cert.bournemouth.ac.uk/wp-content/uploads/2023/02/image-28.png)
Today, everything is “smart” or “intelligent”. We have smartphones, smart cars, smart doorbells, etc. Being “smart” means performing actions depending on the context, the environment, or user actions.
For a while, backdoors and trojans have implemented screenshot capabilities. From an attacker’s point of view, it’s interesting to “see” what’s displayed on the victim’s computer. Taking a screenshot in Python is as easy as this:

```python
import pyautogui

screenshot = pyautogui.screenshot('screenshot.png')
```
You have two approaches to record screenshots:
- On-demand, when the C2 server issues a command like “TAKE_SCREENSHOT”
- At regular intervals (every x seconds)
In the first case, the attacker needs to interact with the malware and can miss interesting “screens”. In the second, the technique generates a lot of overhead (CPU, storage, bandwidth, …).
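From the defender's side, the interval approach leaves an evenly spaced series of image writes when captures are saved to disk, as in the snippet above. The following is an added example, not code from the original diary: it flags processes whose image-file writes arrive at a near-constant cadence. The event tuple format, the process names, the paths and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

IMAGE_EXT = (".png", ".jpg", ".jpeg", ".bmp")

# Constructed sample events: (epoch seconds, process name, path written).
EVENTS = [
    (1000, "proc_a.exe", r"C:\Temp\cap_0.png"),
    (1005, "editor.exe", r"C:\Users\u\Pictures\draft1.png"),
    (1030, "proc_a.exe", r"C:\Temp\cap_1.png"),
    (1030, "logger.exe", r"C:\Logs\app.log"),
    (1060, "proc_a.exe", r"C:\Temp\cap_2.png"),
    (1060, "logger.exe", r"C:\Logs\app.log"),
    (1091, "proc_a.exe", r"C:\Temp\cap_3.png"),
    (1120, "proc_a.exe", r"C:\Temp\cap_4.png"),
    (1150, "proc_a.exe", r"C:\Temp\cap_5.png"),
    (1400, "editor.exe", r"C:\Users\u\Pictures\draft2.png"),
    (1420, "editor.exe", r"C:\Users\u\Pictures\draft3.jpg"),
    (2900, "editor.exe", r"C:\Users\u\Pictures\draft4.png"),
    (3000, "editor.exe", r"C:\Users\u\Pictures\draft5.png"),
]


def periodic_image_writers(events, min_writes=5, max_cv=0.1):
    """Return {process: mean gap in seconds} for processes whose image
    writes are evenly spaced (coefficient of variation <= max_cv)."""
    times = defaultdict(list)
    for ts, proc, path in events:
        if path.lower().endswith(IMAGE_EXT):
            times[proc].append(ts)

    flagged = {}
    for proc, stamps in times.items():
        if len(stamps) < min_writes:
            continue  # too few samples to judge a cadence
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Low spread relative to the mean gap means timer-driven writes.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged[proc] = avg
    return flagged


if __name__ == "__main__":
    for proc, gap in periodic_image_writers(EVENTS).items():
        print(f"{proc}: image written roughly every {gap:.0f}s")
```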