NXcrypt | NXcrypt - 'python backdoor ' framework | Machine Learning library

If you've run the NXcrypt program, you've demonstrated a dangerous lack of consideration about security, and quite possibly destroyed your own work.

First sign of malice: while it's unclear what NXcrypt is actually supposed to do, all its key phrases are indicators of subterfuge at best: encryption, suspicious activity, backdoors, etc. The only possible excuse for requiring superuser permission is to alter your system itself; this was supposed to access a script, of all things.

First sign of incompetence: The description of what it does is technically impossible. Output being "fully undetectable" can only mean it doesn't exist. There's no logical reason it would need root. A backdoor is at best only useful to those who know how to access it, and this has no hints about structure of either input file. There's a "tutorial video" which at this point I fully expect to be a rick-roll. The checksum comparisons say nothing but that data is different.

A quick glance inside the script, and most of the variables are randomly named, reinforcing the impression the whole program is an act of trolling. A sign of sloppiness at best is that all the code is unstructured toplevel. They refer to bytecode compilation as "encryption" (which it is not). CPython's compiled bytecode is different with every release, so the whole antivirus detection description is a red herring at best; this is not a usable distribution format. It is also not an encrypted format at all; all the "junk" data does nothing but pad the file, at best.

Early on, the program does a Linux specific test demanding to be run as root. Nothing in the program has a sane reason to be run as root (or at all).

The program starts out by overwriting its input file, which is usually a terrible idea. After bytecompiling it, it uses a platform specific external command to rename it to the target filename, and the particular commands have different effects; besides which, there's a standard library function for that task.

In the "injection mode", the program tries to take two files and put them as bodies to two distinct functions, then make a script which starts both as distinct threads. It's a terrible idea much like the rest of the script, also very obvious as a signature, and if it ever works a testament to the effectiveness of Python's namespace scoping.

Conclusion: The program in question is useless and dangerous. It demonstrates a very poor understanding of what CPython does, poor skill in programming, and intent of creating malware. At best, it's a piece of junk trolling script kiddies.