Jump to content

Search the Community

Showing results for tags 'keylogger'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 9 results

  1. I IN NO WAY TAKE ANY CREDIT FOR THIS IT WAS TAKEN FROM MDL FORUM AND SOME POSTS MY MEMBERS ON THIS FORUM! Manual: Tools: Microsoft Telemetry Tools Bundle v1.31 Windows 10 Lite v9 Private WinTen v0.1h Blackbird v6 v1.0.79.3 [Works with Win 7/8/8/1/10] O&O ShutUp10 v1.6.1403 WPD - Windows Privacy Dashboard v1.3.1323 WindowsSpyBlocker v4.25.0 Spybot Anti-Beacon v3.1 [Works with Win 7/8/8/1/10] W10Privacy v3.3.1.0 Destroy Windows Spying v1.0.1.0 [Works with Win 7/8/8/1/10] [NOT RECOMMENDED AS NOT UPDATED ANYMORE] Disable Windows 10 Tracking v3.2.1
  2. Cybercriminals are quite innovative, to be honest; they are always coming up with unique ways of exploiting Windows-based systems. According to the findings of Boston-based cyber-security firm Cybereason, one of their newly identified techniques involves using keylogger malware that exploits AutoIT or AutoHotKey (AHK). Fauxpersky Malware Spreads via malicious USB drives The malware, dubbed by Cybereason researchers as Fauxpersky, is though not as sophisticated as some of the recently discovered malware but it can efficiently steal passwords from Windows systems. It is spread via infected USB drives. Cybereason researchers Amit Serper and Chris Black wrote in the company’s official blog post published on Wednesday: “This malware is by no means advanced or even very stealthy. However, this malware is highly efficient at infecting USB drives and exfiltrating data from the keylogger through Google directly to the attacker’s mailbox.” AutoIT or AHk are quite basic tools used to write small programs for performing a variety of GUI and keyboard automation functions on Windows systems. For instance, AHK uses its own scripting language to let users write code to interact with Windows and perform tasks like reading text or sending keystrokes to other applications. It also lets users create a compiled .exe file. Fauxpersky is capable of impersonating Kaspersky, well-known Russian antivirus software, whereas the keylogger is created by abusing AHK app. The infection is distributed to the system via USB drives and manages to compromise PCs that run Windows by replicating files stored on the device’s listed drives. Four droppers Moreover, researchers also identified four droppers in the computer’s environment and each one had a dedicated name, which was quite similar to the names of Windows OS files. The names are as follows: · Explorers.exe · Spoolsvc.exe · Svhost.exe · Taskhosts.exe The method used by AHK keylogger is quite straightforward; it spreads through self-propagation technique. After being executed initially, the keylogger starts gathering information about all the listed drives on the computer and begins the replication process. When the core files of the malware start running on the system, whatever the user types on the computer gets stored into a text file bearing the respective window’s name. This way, the attacker gets a better idea of the background context of the text that has been keylogged. This text file’s contents are then exfiltrated from the device via a Google Form. The file then gets deleted from the system while the text file is transferred to the attacker via email. Google was notified of this form by Serper and Black, after which it was taken down in an hour. However, Google did not release any statement explaining who created the form. From the way the malware has been designed, it is evident that the developers did not pay attention to key aspects to make it look authentic such as changing the executable’s icon from that of AHk’s default icon or creating a rather unconvincing splash screen, which is an exact replica of Kaspersky’s screen. However, once the malware is spread onto the system, it remains persistent and gets booted up again after Windows system is restarted. It also creates a shortcut for itself in the startup directory of the Start menu. Limited damage and how to get rid of Fauxpersky Malware Currently, it is not clear how many computers have been infected but considering that the malware is distributed through sharing of USB drives, it can be assumed that it hasn’t been spread extensively as yet. If you feel that your computer is also infected, simply access %appdata%\Roaming\ and delete the files related to Kaspersky Internet Security 2017\ directory and the directory itself from the startup directory located in the start menu. Source
  3. More than 2,000 WordPress websites have once again been found infected with a piece of crypto-mining malware that not only steals the resources of visitors' computers to mine digital currencies but also logs visitors' every keystroke. Security researchers at Sucuri discovered a malicious campaign that infects WordPress websites with a malicious script that delivers an in-browser cryptocurrency miner from CoinHive and a keylogger. Coinhive is a popular browser-based service that offers website owners to embed a JavaScript to utilise CPUs power of their website visitors in an effort to mine the Monero cryptocurrency. Sucuri researchers said the threat actors behind this new campaign is the same one who infected more than 5,400 Wordpress websites last month since both campaigns used keylogger/cryptocurrency malware called cloudflare[.]solutions. Spotted in April last year, Cloudflare[.]solutions is cryptocurrency mining malware and is not at all related to network management and cybersecurity firm Cloudflare. Since the malware used the cloudflare[.]solutions domain to initially spread the malware, it has been given this name. The malware was updated in November to include a keylogger. The keylogger behaves the same way as in previous campaigns and can steal both the site's administrator login page and the website's public facing frontend. If the infected WordPress site is an e-commerce platform, hackers can steal much more valuable data, including payment card data. If hackers manage to steal the admin credentials, they can just log into the site without relying upon a flaw to break into the site. The cloudflare[.]solutions domain was taken down last month, but criminals behind the campaign registered new domains to host their malicious scripts that are eventually loaded onto WordPress sites. The new web domains registered by hackers include cdjs[.]online (registered on December 8th), cdns[.]ws (on December 9th), and msdns[.]online (on December 16th). Just like in the previous cloudflare[.]solutions campaign, the cdjs[.]online script is injected into either a WordPress database or the theme's functions.php file. The cdns[.]ws and msdns[.]online scripts are also found injected into the theme's functions.php file. The number of infected sites for cdns[.]ws domain include some 129 websites, and 103 websites for cdjs[.]online, according to source-code search engine PublicWWW, though over a thousand sites were reported to have been infected by the msdns[.]online domain. Researchers said it's likely that the majority of the websites have not been indexed yet. If your website has already been compromised with this infection, you will require to remove the malicious code from theme's functions.php and scan wp_posts table for any possible injection. Users are advised to change all WordPress passwords and update all server software including third-party themes and plugins just to be on the safer side. https://thehackernews.com/2018/01/wordpress-keylogger.html
  4. The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user's keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look. Swiss cyber-security firm modzero discovered the keylogger on April 28 and made its findings public today. Keylogger found in preinstalled audio driver According to researchers, the keylogger feature was discovered in the Conexant HD Audio Driver Package version and earlier. This is an audio driver that is preinstalled on HP laptops. One of the files of this audio driver is MicTray64.exe (C:\windows\system32\mictray64.exe). This file is registered to start via a Scheduled Task every time the user logs into his computer. According to modzero researchers, the file "monitors all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkeys." This behavior, by itself, is not a problem, as many other apps work this way. The problem is that this file writes all keystrokes to a local file at: C:\users\public\MicTray.log Audio driver also exposes keystrokes in real-time via local API If the file doesn't exist or a registry key containing this file's path does not exist or was corrupted, the audio driver will pass all keystrokes to a local API, named the OutputDebugString API. The danger is that malicious software installed on the computer, or a person with physical access to the computer, can copy the log file and have access to historical keystroke data, from where he can extract passwords, chat logs, visited URLs, source code, or any other sensitive data. Furthermore, the OutputDebugString API provides a covert channel for malware to record real-time keystrokes without using native Windows functions, usually under the watchful eye of antivirus software. Keylogger feature confirmed in HP laptops Modzero researchers said they found the Conexant HD Audio Driver Package preinstalled on 28 HP laptop models. Other hardware that uses this driver may also be affected, but investigators haven't officially confirmed that the issue affects other manufacturers. HP EliteBook 820 G3 Notebook PC HP EliteBook 828 G3 Notebook PC HP EliteBook 840 G3 Notebook PC HP EliteBook 848 G3 Notebook PC HP EliteBook 850 G3 Notebook PC HP ProBook 640 G2 Notebook PC HP ProBook 650 G2 Notebook PC HP ProBook 645 G2 Notebook PC HP ProBook 655 G2 Notebook PC HP ProBook 450 G3 Notebook PC HP ProBook 430 G3 Notebook PC HP ProBook 440 G3 Notebook PC HP ProBook 446 G3 Notebook PC HP ProBook 470 G3 Notebook PC HP ProBook 455 G3 Notebook PC HP EliteBook 725 G3 Notebook PC HP EliteBook 745 G3 Notebook PC HP EliteBook 755 G3 Notebook PC HP EliteBook 1030 G1 Notebook PC HP ZBook 15u G3 Mobile Workstation HP Elite x2 1012 G1 Tablet HP Elite x2 1012 G1 with Travel Keyboard HP Elite x2 1012 G1 Advanced Keyboard HP EliteBook Folio 1040 G3 Notebook PC HP ZBook 17 G3 Mobile Workstation HP ZBook 15 G3 Mobile Workstation HP ZBook Studio G3 Mobile Workstation HP EliteBook Folio G1 Notebook PC The Conexant HD Audio Driver Package has versions for the following operating systems. Microsoft Windows 10 32-Bit Microsoft Windows 10 64-Bit Microsoft Windows 10 IOT Enterprise 32-Bit (x86) Microsoft Windows 10 IOT Enterprise 64-Bit (x86) Microsoft Windows 7 Enterprise 32 Edition Microsoft Windows 7 Enterprise 64 Edition Microsoft Windows 7 Home Basic 32 Edition Microsoft Windows 7 Home Basic 64 Edition Microsoft Windows 7 Home Premium 32 Edition Microsoft Windows 7 Home Premium 64 Edition Microsoft Windows 7 Professional 32 Edition Microsoft Windows 7 Professional 64 Edition Microsoft Windows 7 Starter 32 Edition Microsoft Windows 7 Ultimate 32 Edition Microsoft Windows 7 Ultimate 64 Edition Microsoft Windows Embedded Standard 7 32 Microsoft Windows Embedded Standard 7E 32-Bit HP did not respond to a request for comment from Bleeping Computer in time for this article's publication. Modzero researchers say the only way to mitigate the issue is by deleting the MicTray64.exe. Article source
  5. Rather than using macros, this malware uses Visual Basic Script to avoid detection. The lure comes in the form of a Packager Shell Object. Cybercriminals are targeting a US major financial services provider with malicious emails containing the tools required to install information collecting keylogging software onto the infected systems. Keylogging enables hackers to see everything that's typed using the keyboard of an infected machine, something which can be exploited to steal information, personal information, and login credentials. Cybersecurity researchers at Proofpoint note that the attack is very narrow in scope, targeting users in just a single US-based financial services and insurance organisation with malicious emails. Naturally, banks are a high-profile target for cybercriminals who not only see money as a lucrative target, but also view financial institutions as a treasure trove of data to exploit. Like many phishing threats, the email contains an attachment in the form of a Microsoft Word document, designed to deliver the payload. However, unlike most phishing emails containing malicious attachments, which use macros to avoid detection, this one uses an embedded object in the form of a Visual Basic Script that acts as a downloader for the malware. "It is a Packager Shell Object. When content like a script is packaged as a Packager Shell Object, it can be opened and executed from within the Microsoft Office file in which it is embedded," says Kevin Epstein, VP of the threat operations center at Proofpoint. In this instance, the emails sent in this cyberattack include a Microsoft World attachment named "info.doc", which contains an image requesting the user clicks on it to install Microsoft Silverlight in order to view the supposed content of the document. However, upon closer examination of the image, researchers note that it reveals itself as not a link, but rather a Visual Basic Script file which contains code for keylogging malware which will run when clicked on. Once installed on an infected system, the malware will log the keystrokes and sends the information to two hard-coded Gmail addresses. While researchers haven't been able to specifically identify the keylogger being used in this attack, it's written in the Aultolt scripting language and uses tools including Lazagne password recovery to help gather credentials. There's no indication of who is behind the attacks against the unnamed financial services firm, but researchers indicate the malicious software used was obtained from a public malware repository and uploaded from Estonia. According to Proofpoint, this indicates that the keylogger may have been used in attacks against similar institutions. Researchers note that while the malware is basic compared to other exploits, the way the keylogger is being delivered to end users represents a shift from the tried and tested method of tricking them into enabling macros. While Microsoft Office applications can block macros by default, this threat indicates that cyberattacks are very much active in developing new ways to deliver their malicious payloads. Article source
  6. LeeSmithG

    Zemana 365 free key

    Here we go, 365 days key. 5876-0642-3626-3270
  7. By Cyrus Farivar - Jan 31 2014, 1:30pm AUSEST A hacking scandal involving keyloggers and electronic grade-changing at a high school in Newport Beach, a well-to-do area of Southern California, has resulted in the expulsion of 11 students. The Orange County Register reported Wednesday that six of those students had already left the district, but five had been transferred to another local school. “The Board’s action imposes discipline upon these students for the maximum allowed by the Education Code for what occurred at Corona del Mar High School,” Laura Boss, the Newport Mesa Unified School District spokesperson wrote in a statement on Wednesday. US News and World Report ranked the high school in question as the 46th best within California. However The Daily Pilot, a local newspaper, reported that this isn't the first time the school has been associated with cheating: "Two years ago, 10 Corona del Mar students bought answers for a history test on Amazon.com. One student was accused of attempting to sell the answers to classmates. A 17-year-old Corona del Mar senior was arrested in 2004 after being accused of changing grades in the school's computer system for other students." Where's Tim? Local police have accused Timothy Lance Lai, a 28-year-old tutor, as being the possible ringleader of an operation to install keyloggers on school computers and help students change their grades. His whereabouts remain unknown. According to the Los Angeles Times, the school district “is now in the process of auditing 52,000 student grades to see if others might have been altered by students this year. The tutor, parents told the district, worked with as many as 150 students.” Jennifer Manzella, a Newport Beach Police Department spokesperson, told Ars that Lai has not been charged with a crime, but that the police continue to seek him as a person of interest in the case. The police did execute a search on his home in December 2013, seizing a number of items, including hard drives, flash drives, and school materials. “We have not made contact with him since [our preliminary] investigation [in December 2013],” she said. “He’s not wanted, we don’t have a warrant out for his arrest.” According to a review of court documents, including a search warrant and an affidavit, which Ars obtained from the Superior Court of California County of Orange on Thursday, police believe that Lai’s involvement goes back to at least April 2012. The affidavit states that police believe Lai violated California Penal Code 502©(4): "Knowingly accesses and without permission adds, alters, damages, deletes, or destroys any data, computer software, or computer programs which reside or exist internal or external to a computer, computer system, or computer network." According to the Corona del Mar Today blog one student, Isabel Jorgensen, told the school board that she worried about the broader impact this scandal may have on all students in the district. “They put others at risk and they put others in harm's way and they tarnished the reputation of their high school,” she said. “To hear that they might be coming to Newport Harbor High School to tarnish our reputation is equally scary and terrifying.” Lawyering up According to an affidavit written by Detective David Syvock of the Newport Beach Police Department (NBPD), local police were first made aware of a possible “cheating incident” at the high school back on June 18, 2013. A science teacher, Kim Rapp, told school administrators that someone may have accessed her computer and changed grades for some of her students. Police later concluded that “grades were changed from a remote computer during the early morning hours of June 14, 2013.” That review clearly showed that two students were involved at that point. Ars is withholding their names as they are minors. Neither Boss, the district spokesperson, nor Rapp, nor police investigators responded immediately to Ars’ request for comment. One of the students (whom Ars will refer to as “A,") told police that she and her friend “B” had their environmental science grade changed as the result of a “device” that B had installed on Rapps’ computer. In A’s case, her grade went from a C to a B. A also told police that B had instructed A to take blame for the incident. Further, B told A that her “tutor” pushed A to also take the blame. When the police tried to interview B to find out the tutor’s name, her mother told the police that the family had retained counsel and that B would not make a statement to the police. Consequently, the police temporarily closed the case. However, they got a break at the end of the year. Police heard tutor say other students were "fucked" On December 17, 2013, Officer Anderson of the NBPD was contacted by a Corona Del Mar High School assistant principal who had information pertaining to the hacking scandal. A third student, C, told the police that his tutor—this time identified as Timothy Lance Lai— “asked him to place a keylogger device on the computer of various teachers” at the school. C declined to help Lai, but Lai persisted—specifically he asked for C’s help in placing the keylogger on the computers of the Honors Chemistry, Spanish, and English teachers. C did not comply with this request but did manage to put the device on the AP World History teacher’s computer. In exchange, Lai allegedly gave C a copy of an upcoming test. C also told police about an occasion where he and Lai went to the school late at night to place a keylogger on the chemistry teacher’s computer. Lai had an “electronic lock picking device,” which C said did not work, but they managed to gain access anyway. The 11th grader also told police that 11 other students at the school were involved in the cheating ring. Additionally he identified Lai to police on his Facebook page. C also allowed police to search his phone and examine text messages between himself and Lai. The conversations include information about meetings for tutoring as well as discussions about the cheating scheme. There were several messages within the dialogue about installing devices on computers as well as pictures of what appeared to be high school tests. It was clear from the content that Lai and [C] were using text messaging to discuss strategies on how to continue this elaborate scheme. On December 18, 2013, Officer Anderson presented a six pack photo lineup for C, including Lai and five similarly featured individuals. C “positively identified Timothy Lance Lai as his tutor and the person who provided him with the keylogger devices to install on the computers at Corona del Mar High School.” The same day, Officer Anderson and Detective Syvock met with C at a police interview room, during which time they placed a “covert call” between C and Lai, which the police recorded. During the phone call, Lai made statements implicating himself in the elaborate cheating scheme. Lai also identified other CDM High students who were involved in the scheme as he told [C] that they were, “Fucked.” As a result of the affidavit, the Newport Beach police were allowed to search Lai’s home and 2001 Toyota. Among the items seized were four USB thumbdrives, two hard drives, a Motorola cellphone, an “unknown electronic device,” a “book with cut-out containing a concealed, unknown electronic device,” a “legal notepad with student names,” and various math assignments, quizzes, and tests. A search of Lai’s premises also turned up a “micro camera with attached battery.” http://arstechnica.com/tech-policy/2014/01/11-high-school-students-expelled-for-keylogging-teachers-computers
  8. Ardamax Keylogger 4.0.6 Ardamax Keylogger is a keystroke recorder that captures user's activity and saves it to an encrypted log file. The log file can be viewed with the powerful Log Viewer. Use this tool to find out what is happening on your computer while you are away, maintain a backup of your typed data automatically or use it to monitor your kids. Also you can use it as a monitoring device for detecting unauthorised access. Logs can be automatically sent to your e-mail address, access to the keylogger is password protected. Besides, Ardamax Keylogger logs information about the Internet addresses the user has visited. This invisible spy application is designed for 2000, XP, 2003, Vista, 7 and Windows 8. Keylogger Features: Email log delivery - keylogger can send you recorded logs through e-mail delivery at set times - perfect for remote monitoring! FTP delivery - Ardamax Keylogger can upload recorded logs through FTP delivery. Network delivery - sends recorded logs through via LAN. Clipboard logging - capture all text copied to the Windows Clipboard. Invisible mode makes it absolutely invisible to anyone. Ardamax Keylogger is not visible in the task bar, system tray, Windows 2000/XP/2003/Vista/Windows 7 Task Manager, process viewers (Process Explorer, WinTasks etc.), Start Menu and Windows Startup list. Visual surveillance - periodically makes screenshots and stores the compressed images to log. Chat monitoring - Ardamax Keylogger is designed to record and monitor both sides of a conversation in following chats:AIM Windows Live Messenger 2011 ICQ 7 Skype 4 Yahoo Messenger 10 Google Talk Miranda QiP 2010 Security - allows you to protect program settings, Hidden Mode and Log file. Application monitoring - keylogger will record the application that was in use that received the keystroke! Time/Date tracking - it allows you to pinpoint the exact time a window received a keystroke! Powerful Log Viewer - you can view and save the log as a HTML page or plain text with keylogger Log Viewer. Small size – Ardamax Keylogger is several times smaller than other programs with the same features. It has no additional modules and libraries, so its size is smaller and the performance is higher. Ardamax Keylogger fully supports Unicode characters which makes it possible to record keystrokes that include characters from Japanese, Chinese, Arabic and many other character sets. It records every keystroke. Captures passwords and all other invisible text. Other Features: Windows 2000/2003/XP/Vista/Windows 7/Windows 8 support Monitors multi-user machines Automatic startup Friendly interface Easy to install
  • Create New...