Jump to content

Search the Community

Showing results for tags 'keylogger'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 7 results

  1. I IN NO WAY TAKE ANY CREDIT FOR THIS IT WAS TAKEN FROM MDL FORUM AND SOME POSTS BY MEMBERS ON THIS FORUM! Manual: Tools: Microsoft Telemetry Tools Bundle v1.77 Windows 10 Lite v9 Private WinTen v0.75b Blackbird v6 v1.0.79.3 [Works with Win 7/8/8/1/10] O&O ShutUp10 v1.8.1410 WPD - Windows Privacy Dashboard v1.3.1532 WindowsSpyBlocker v4.29.0 Spybot Anti-Beacon v3.5 [Works with Win 7/8/8/1/10] W10Privacy v3.4.0.1 SharpApp v0.44.20 Debotnet v0.7.8 Disable Windows 10 Tracking v3.2.3 Destroy Windows Spying v1.0.1.0 [Works with Win 7/8/8/1/10] [NOT RECOMMENDED AS NOT UPDATED ANYMORE]
  2. Metamorfo Returns with Keylogger Trick to Target Financial Firms The malware uses a tactic to force victims to retype passwords into their systems – which it tracks via a keylogger Researchers have discovered a recent spate of phishing emails spreading a new variant of Metamorfo, a financial malware known for targeting Brazilian companies. Now, however, it’s expanding its geographic range and adding a new technique. Metamorfo was first discovered in April 2018, in various campaigns that share key commonalities (like the use of “spray and pray” spam tactics). These campaigns however have small, “morphing” differences — which is the meaning behind its name. This newest variant, which targets payment-card data and credentials at financial institutions with Windows platforms, packs a new trick up its sleeve. Once executed, the malware kills the auto-suggest data entry fields in browsers, forcing victims to write out their passwords – which it then tracks via a keylogger. It’s also changing in other ways: “Metamorfo is a malware family that was observed targeting the customers of online financial institutions,” said researcher Xiaopeng Zhang, with Fortinet’s FortiGuard Labs, in a post this week. “This… Metamorfo variant targets the customers of even more financial institutions across multiple countries.” Infection The recent variant is first spread via phishing emails that distribute a ZIP archive containing an MSI file (named “view-(AVISO)2020.msi”). Researchers inspected this MSI file’s stream (a sequence of bytes written to files, giving more information about their attributes) and found JavaScript code mixed in with a wide swath of garbage strings. The extracted and de-obfuscated code revealed that the MSI file downloads a ZIP file from a URL, which then adds itself into the auto-run group in the victim’s system registry to ensure that it runs automatically whenever the infected system starts. This ZIP file also contains three files (“cMejBlQe.exe,” “M6WnYxAh” and “YvSVUyps.dll”) that are decompressed into a newly-created folder and renamed with random strings, which then run an AutoIT script execution program. Researchers said that AutoIt, a legitimate, freeware programming language for Microsoft Windows, has been abused by a various malware families in the past as a method to help them bypass antivirus detection. The command line finally loads a DLL file code with the payload. This is protected by a packer, VMProtect, which is a “very strong packer that supports dynamic code protection when the target process is running,” said FortiGuard researchers. “This creates a big challenge for analysts. For example, all API addresses are hidden and are dynamically calculated before calling.” Tricks In a new tactic for Metamorfo, once executed it terminates running browsers (including Microsoft IE, Mozilla Firefox, Google Chrome, Microsoft Edge and Opera), and then modifies various registry keys to disable Internet Explorers’ functions, like auto-complete and auto-suggest. The malware also has the ability to display a control asking the victim to enter their passwords. Researchers said these dual functionalities enable the malware to track victims’ passwords as they manually write them out – enabling the malware operators to keep tabs on passwords even if they’re changed. “What is the purpose of killing the browsers and disabling their auto-complete and auto-suggest functions? This action forces the victim to hand-enter data without auto-complete, such as whole URLs, along with login-name, password and so on in the browser,” said Zhang. “This allows the malware’s keylogger function to record the largest number of actions from the victim’s input.” The malware also was able to display a fake message to the victim asking them to enter legitimate security confirmation codes they had received, in a tricky technique for attackers to bypass two-factor authentication (2FA), Zhang told Threatpost. “Sometimes financial websites use 2FA to protect their customers like sending a security code via SMS/email to the customer, then verifying the customer’s input on the website,” he said. “Since the attacker could not get the code, the verification will fail. So this malware strain asks for the code from the victim by prompting a fake message.” Beyond this technique, the malware’s arsenal of capabilities are similar to older variants: It collects information such as the OS version, computer name, installed antivirus software and more from the victim’s systems, and also creates tasks to monitor Bitcoin wallet addresses on the system clipboard, and to detect whether or not the victim is accessing a financial institution website. The Metamorfo news comes on the heels of the return of the CamuBot malware, also known for targeting Brazilian bank customers. In a slew of highly personalized attacks, CamuBot is targeting victims’ mobile banking apps as an extra step to evade detection when making fraudulent transfers. Source
  3. Cybercriminals are quite innovative, to be honest; they are always coming up with unique ways of exploiting Windows-based systems. According to the findings of Boston-based cyber-security firm Cybereason, one of their newly identified techniques involves using keylogger malware that exploits AutoIT or AutoHotKey (AHK). Fauxpersky Malware Spreads via malicious USB drives The malware, dubbed by Cybereason researchers as Fauxpersky, is though not as sophisticated as some of the recently discovered malware but it can efficiently steal passwords from Windows systems. It is spread via infected USB drives. Cybereason researchers Amit Serper and Chris Black wrote in the company’s official blog post published on Wednesday: “This malware is by no means advanced or even very stealthy. However, this malware is highly efficient at infecting USB drives and exfiltrating data from the keylogger through Google directly to the attacker’s mailbox.” AutoIT or AHk are quite basic tools used to write small programs for performing a variety of GUI and keyboard automation functions on Windows systems. For instance, AHK uses its own scripting language to let users write code to interact with Windows and perform tasks like reading text or sending keystrokes to other applications. It also lets users create a compiled .exe file. Fauxpersky is capable of impersonating Kaspersky, well-known Russian antivirus software, whereas the keylogger is created by abusing AHK app. The infection is distributed to the system via USB drives and manages to compromise PCs that run Windows by replicating files stored on the device’s listed drives. Four droppers Moreover, researchers also identified four droppers in the computer’s environment and each one had a dedicated name, which was quite similar to the names of Windows OS files. The names are as follows: · Explorers.exe · Spoolsvc.exe · Svhost.exe · Taskhosts.exe The method used by AHK keylogger is quite straightforward; it spreads through self-propagation technique. After being executed initially, the keylogger starts gathering information about all the listed drives on the computer and begins the replication process. When the core files of the malware start running on the system, whatever the user types on the computer gets stored into a text file bearing the respective window’s name. This way, the attacker gets a better idea of the background context of the text that has been keylogged. This text file’s contents are then exfiltrated from the device via a Google Form. The file then gets deleted from the system while the text file is transferred to the attacker via email. Google was notified of this form by Serper and Black, after which it was taken down in an hour. However, Google did not release any statement explaining who created the form. From the way the malware has been designed, it is evident that the developers did not pay attention to key aspects to make it look authentic such as changing the executable’s icon from that of AHk’s default icon or creating a rather unconvincing splash screen, which is an exact replica of Kaspersky’s screen. However, once the malware is spread onto the system, it remains persistent and gets booted up again after Windows system is restarted. It also creates a shortcut for itself in the startup directory of the Start menu. Limited damage and how to get rid of Fauxpersky Malware Currently, it is not clear how many computers have been infected but considering that the malware is distributed through sharing of USB drives, it can be assumed that it hasn’t been spread extensively as yet. If you feel that your computer is also infected, simply access %appdata%\Roaming\ and delete the files related to Kaspersky Internet Security 2017\ directory and the directory itself from the startup directory located in the start menu. Source
  4. More than 2,000 WordPress websites have once again been found infected with a piece of crypto-mining malware that not only steals the resources of visitors' computers to mine digital currencies but also logs visitors' every keystroke. Security researchers at Sucuri discovered a malicious campaign that infects WordPress websites with a malicious script that delivers an in-browser cryptocurrency miner from CoinHive and a keylogger. Coinhive is a popular browser-based service that offers website owners to embed a JavaScript to utilise CPUs power of their website visitors in an effort to mine the Monero cryptocurrency. Sucuri researchers said the threat actors behind this new campaign is the same one who infected more than 5,400 Wordpress websites last month since both campaigns used keylogger/cryptocurrency malware called cloudflare[.]solutions. Spotted in April last year, Cloudflare[.]solutions is cryptocurrency mining malware and is not at all related to network management and cybersecurity firm Cloudflare. Since the malware used the cloudflare[.]solutions domain to initially spread the malware, it has been given this name. The malware was updated in November to include a keylogger. The keylogger behaves the same way as in previous campaigns and can steal both the site's administrator login page and the website's public facing frontend. If the infected WordPress site is an e-commerce platform, hackers can steal much more valuable data, including payment card data. If hackers manage to steal the admin credentials, they can just log into the site without relying upon a flaw to break into the site. The cloudflare[.]solutions domain was taken down last month, but criminals behind the campaign registered new domains to host their malicious scripts that are eventually loaded onto WordPress sites. The new web domains registered by hackers include cdjs[.]online (registered on December 8th), cdns[.]ws (on December 9th), and msdns[.]online (on December 16th). Just like in the previous cloudflare[.]solutions campaign, the cdjs[.]online script is injected into either a WordPress database or the theme's functions.php file. The cdns[.]ws and msdns[.]online scripts are also found injected into the theme's functions.php file. The number of infected sites for cdns[.]ws domain include some 129 websites, and 103 websites for cdjs[.]online, according to source-code search engine PublicWWW, though over a thousand sites were reported to have been infected by the msdns[.]online domain. Researchers said it's likely that the majority of the websites have not been indexed yet. If your website has already been compromised with this infection, you will require to remove the malicious code from theme's functions.php and scan wp_posts table for any possible injection. Users are advised to change all WordPress passwords and update all server software including third-party themes and plugins just to be on the safer side. https://thehackernews.com/2018/01/wordpress-keylogger.html
  5. LeeSmithG

    Zemana 365 free key

    Here we go, 365 days key. 5876-0642-3626-3270
  6. By Cyrus Farivar - Jan 31 2014, 1:30pm AUSEST A hacking scandal involving keyloggers and electronic grade-changing at a high school in Newport Beach, a well-to-do area of Southern California, has resulted in the expulsion of 11 students. The Orange County Register reported Wednesday that six of those students had already left the district, but five had been transferred to another local school. “The Board’s action imposes discipline upon these students for the maximum allowed by the Education Code for what occurred at Corona del Mar High School,” Laura Boss, the Newport Mesa Unified School District spokesperson wrote in a statement on Wednesday. US News and World Report ranked the high school in question as the 46th best within California. However The Daily Pilot, a local newspaper, reported that this isn't the first time the school has been associated with cheating: "Two years ago, 10 Corona del Mar students bought answers for a history test on Amazon.com. One student was accused of attempting to sell the answers to classmates. A 17-year-old Corona del Mar senior was arrested in 2004 after being accused of changing grades in the school's computer system for other students." Where's Tim? Local police have accused Timothy Lance Lai, a 28-year-old tutor, as being the possible ringleader of an operation to install keyloggers on school computers and help students change their grades. His whereabouts remain unknown. According to the Los Angeles Times, the school district “is now in the process of auditing 52,000 student grades to see if others might have been altered by students this year. The tutor, parents told the district, worked with as many as 150 students.” Jennifer Manzella, a Newport Beach Police Department spokesperson, told Ars that Lai has not been charged with a crime, but that the police continue to seek him as a person of interest in the case. The police did execute a search on his home in December 2013, seizing a number of items, including hard drives, flash drives, and school materials. “We have not made contact with him since [our preliminary] investigation [in December 2013],” she said. “He’s not wanted, we don’t have a warrant out for his arrest.” According to a review of court documents, including a search warrant and an affidavit, which Ars obtained from the Superior Court of California County of Orange on Thursday, police believe that Lai’s involvement goes back to at least April 2012. The affidavit states that police believe Lai violated California Penal Code 502©(4): "Knowingly accesses and without permission adds, alters, damages, deletes, or destroys any data, computer software, or computer programs which reside or exist internal or external to a computer, computer system, or computer network." According to the Corona del Mar Today blog one student, Isabel Jorgensen, told the school board that she worried about the broader impact this scandal may have on all students in the district. “They put others at risk and they put others in harm's way and they tarnished the reputation of their high school,” she said. “To hear that they might be coming to Newport Harbor High School to tarnish our reputation is equally scary and terrifying.” Lawyering up According to an affidavit written by Detective David Syvock of the Newport Beach Police Department (NBPD), local police were first made aware of a possible “cheating incident” at the high school back on June 18, 2013. A science teacher, Kim Rapp, told school administrators that someone may have accessed her computer and changed grades for some of her students. Police later concluded that “grades were changed from a remote computer during the early morning hours of June 14, 2013.” That review clearly showed that two students were involved at that point. Ars is withholding their names as they are minors. Neither Boss, the district spokesperson, nor Rapp, nor police investigators responded immediately to Ars’ request for comment. One of the students (whom Ars will refer to as “A,") told police that she and her friend “B” had their environmental science grade changed as the result of a “device” that B had installed on Rapps’ computer. In A’s case, her grade went from a C to a B. A also told police that B had instructed A to take blame for the incident. Further, B told A that her “tutor” pushed A to also take the blame. When the police tried to interview B to find out the tutor’s name, her mother told the police that the family had retained counsel and that B would not make a statement to the police. Consequently, the police temporarily closed the case. However, they got a break at the end of the year. Police heard tutor say other students were "fucked" On December 17, 2013, Officer Anderson of the NBPD was contacted by a Corona Del Mar High School assistant principal who had information pertaining to the hacking scandal. A third student, C, told the police that his tutor—this time identified as Timothy Lance Lai— “asked him to place a keylogger device on the computer of various teachers” at the school. C declined to help Lai, but Lai persisted—specifically he asked for C’s help in placing the keylogger on the computers of the Honors Chemistry, Spanish, and English teachers. C did not comply with this request but did manage to put the device on the AP World History teacher’s computer. In exchange, Lai allegedly gave C a copy of an upcoming test. C also told police about an occasion where he and Lai went to the school late at night to place a keylogger on the chemistry teacher’s computer. Lai had an “electronic lock picking device,” which C said did not work, but they managed to gain access anyway. The 11th grader also told police that 11 other students at the school were involved in the cheating ring. Additionally he identified Lai to police on his Facebook page. C also allowed police to search his phone and examine text messages between himself and Lai. The conversations include information about meetings for tutoring as well as discussions about the cheating scheme. There were several messages within the dialogue about installing devices on computers as well as pictures of what appeared to be high school tests. It was clear from the content that Lai and [C] were using text messaging to discuss strategies on how to continue this elaborate scheme. On December 18, 2013, Officer Anderson presented a six pack photo lineup for C, including Lai and five similarly featured individuals. C “positively identified Timothy Lance Lai as his tutor and the person who provided him with the keylogger devices to install on the computers at Corona del Mar High School.” The same day, Officer Anderson and Detective Syvock met with C at a police interview room, during which time they placed a “covert call” between C and Lai, which the police recorded. During the phone call, Lai made statements implicating himself in the elaborate cheating scheme. Lai also identified other CDM High students who were involved in the scheme as he told [C] that they were, “Fucked.” As a result of the affidavit, the Newport Beach police were allowed to search Lai’s home and 2001 Toyota. Among the items seized were four USB thumbdrives, two hard drives, a Motorola cellphone, an “unknown electronic device,” a “book with cut-out containing a concealed, unknown electronic device,” a “legal notepad with student names,” and various math assignments, quizzes, and tests. A search of Lai’s premises also turned up a “micro camera with attached battery.” http://arstechnica.com/tech-policy/2014/01/11-high-school-students-expelled-for-keylogging-teachers-computers
  7. Ardamax Keylogger 4.0.6 Ardamax Keylogger is a keystroke recorder that captures user's activity and saves it to an encrypted log file. The log file can be viewed with the powerful Log Viewer. Use this tool to find out what is happening on your computer while you are away, maintain a backup of your typed data automatically or use it to monitor your kids. Also you can use it as a monitoring device for detecting unauthorised access. Logs can be automatically sent to your e-mail address, access to the keylogger is password protected. Besides, Ardamax Keylogger logs information about the Internet addresses the user has visited. This invisible spy application is designed for 2000, XP, 2003, Vista, 7 and Windows 8. Keylogger Features: Email log delivery - keylogger can send you recorded logs through e-mail delivery at set times - perfect for remote monitoring! FTP delivery - Ardamax Keylogger can upload recorded logs through FTP delivery. Network delivery - sends recorded logs through via LAN. Clipboard logging - capture all text copied to the Windows Clipboard. Invisible mode makes it absolutely invisible to anyone. Ardamax Keylogger is not visible in the task bar, system tray, Windows 2000/XP/2003/Vista/Windows 7 Task Manager, process viewers (Process Explorer, WinTasks etc.), Start Menu and Windows Startup list. Visual surveillance - periodically makes screenshots and stores the compressed images to log. Chat monitoring - Ardamax Keylogger is designed to record and monitor both sides of a conversation in following chats:AIM Windows Live Messenger 2011 ICQ 7 Skype 4 Yahoo Messenger 10 Google Talk Miranda QiP 2010 Security - allows you to protect program settings, Hidden Mode and Log file. Application monitoring - keylogger will record the application that was in use that received the keystroke! Time/Date tracking - it allows you to pinpoint the exact time a window received a keystroke! Powerful Log Viewer - you can view and save the log as a HTML page or plain text with keylogger Log Viewer. Small size – Ardamax Keylogger is several times smaller than other programs with the same features. It has no additional modules and libraries, so its size is smaller and the performance is higher. Ardamax Keylogger fully supports Unicode characters which makes it possible to record keystrokes that include characters from Japanese, Chinese, Arabic and many other character sets. It records every keystroke. Captures passwords and all other invisible text. Other Features: Windows 2000/2003/XP/Vista/Windows 7/Windows 8 support Monitors multi-user machines Automatic startup Friendly interface Easy to install
  • Create New...