Search the Community

I IN NO WAY TAKE ANY CREDIT FOR THIS IT WAS TAKEN FROM MDL FORUM AND SOME POSTS BY MEMBERS ON THIS FORUM! Manual: Tools: Microsoft Telemetry Tools Bundle v2.33 Windows 10 Lite v9 Private WinTen v0.84 Blackbird v6 v1.0.80.2 [Works with Win 7/8/8/1/10] O&O ShutUp10 v1.8.1423 WPD - Windows Privacy Dashboard v1.4.1834 WindowsSpyBlocker v4.36.0 Spybot Anti-Beacon v3.5 [Works with Win 7/8/8/1/10] W10Privacy v3.7.0.8 Privatezilla v0.50.0 SharpApp v0.46.1 Debotnet v0.7.8 Disable Windows 10 Tracking v3.2.3 Destroy Windows Spying v1.0.1.0 [Works with Win 7/8/8/1/10] [NOT RECOMMENDED AS NOT UPDATED ANYMORE]

Metamorfo Returns with Keylogger Trick to Target Financial Firms The malware uses a tactic to force victims to retype passwords into their systems – which it tracks via a keylogger Researchers have discovered a recent spate of phishing emails spreading a new variant of Metamorfo, a financial malware known for targeting Brazilian companies. Now, however, it’s expanding its geographic range and adding a new technique. Metamorfo was first discovered in April 2018, in various campaigns that share key commonalities (like the use of “spray and pray” spam tactics). These campaigns however have small, “morphing” differences — which is the meaning behind its name. This newest variant, which targets payment-card data and credentials at financial institutions with Windows platforms, packs a new trick up its sleeve. Once executed, the malware kills the auto-suggest data entry fields in browsers, forcing victims to write out their passwords – which it then tracks via a keylogger. It’s also changing in other ways: “Metamorfo is a malware family that was observed targeting the customers of online financial institutions,” said researcher Xiaopeng Zhang, with Fortinet’s FortiGuard Labs, in a post this week. “This… Metamorfo variant targets the customers of even more financial institutions across multiple countries.” Infection The recent variant is first spread via phishing emails that distribute a ZIP archive containing an MSI file (named “view-(AVISO)2020.msi”). Researchers inspected this MSI file’s stream (a sequence of bytes written to files, giving more information about their attributes) and found JavaScript code mixed in with a wide swath of garbage strings. The extracted and de-obfuscated code revealed that the MSI file downloads a ZIP file from a URL, which then adds itself into the auto-run group in the victim’s system registry to ensure that it runs automatically whenever the infected system starts. This ZIP file also contains three files (“cMejBlQe.exe,” “M6WnYxAh” and “YvSVUyps.dll”) that are decompressed into a newly-created folder and renamed with random strings, which then run an AutoIT script execution program. Researchers said that AutoIt, a legitimate, freeware programming language for Microsoft Windows, has been abused by a various malware families in the past as a method to help them bypass antivirus detection. The command line finally loads a DLL file code with the payload. This is protected by a packer, VMProtect, which is a “very strong packer that supports dynamic code protection when the target process is running,” said FortiGuard researchers. “This creates a big challenge for analysts. For example, all API addresses are hidden and are dynamically calculated before calling.” Tricks In a new tactic for Metamorfo, once executed it terminates running browsers (including Microsoft IE, Mozilla Firefox, Google Chrome, Microsoft Edge and Opera), and then modifies various registry keys to disable Internet Explorers’ functions, like auto-complete and auto-suggest. The malware also has the ability to display a control asking the victim to enter their passwords. Researchers said these dual functionalities enable the malware to track victims’ passwords as they manually write them out – enabling the malware operators to keep tabs on passwords even if they’re changed. “What is the purpose of killing the browsers and disabling their auto-complete and auto-suggest functions? This action forces the victim to hand-enter data without auto-complete, such as whole URLs, along with login-name, password and so on in the browser,” said Zhang. “This allows the malware’s keylogger function to record the largest number of actions from the victim’s input.” The malware also was able to display a fake message to the victim asking them to enter legitimate security confirmation codes they had received, in a tricky technique for attackers to bypass two-factor authentication (2FA), Zhang told Threatpost. “Sometimes financial websites use 2FA to protect their customers like sending a security code via SMS/email to the customer, then verifying the customer’s input on the website,” he said. “Since the attacker could not get the code, the verification will fail. So this malware strain asks for the code from the victim by prompting a fake message.” Beyond this technique, the malware’s arsenal of capabilities are similar to older variants: It collects information such as the OS version, computer name, installed antivirus software and more from the victim’s systems, and also creates tasks to monitor Bitcoin wallet addresses on the system clipboard, and to detect whether or not the victim is accessing a financial institution website. The Metamorfo news comes on the heels of the return of the CamuBot malware, also known for targeting Brazilian bank customers. In a slew of highly personalized attacks, CamuBot is targeting victims’ mobile banking apps as an extra step to evade detection when making fraudulent transfers. Source

Here we go, 365 days key. 5876-0642-3626-3270

Ardamax Keylogger 4.0.6 Ardamax Keylogger is a keystroke recorder that captures user's activity and saves it to an encrypted log file. The log file can be viewed with the powerful Log Viewer. Use this tool to find out what is happening on your computer while you are away, maintain a backup of your typed data automatically or use it to monitor your kids. Also you can use it as a monitoring device for detecting unauthorised access. Logs can be automatically sent to your e-mail address, access to the keylogger is password protected. Besides, Ardamax Keylogger logs information about the Internet addresses the user has visited. This invisible spy application is designed for 2000, XP, 2003, Vista, 7 and Windows 8. Keylogger Features: Email log delivery - keylogger can send you recorded logs through e-mail delivery at set times - perfect for remote monitoring! FTP delivery - Ardamax Keylogger can upload recorded logs through FTP delivery. Network delivery - sends recorded logs through via LAN. Clipboard logging - capture all text copied to the Windows Clipboard. Invisible mode makes it absolutely invisible to anyone. Ardamax Keylogger is not visible in the task bar, system tray, Windows 2000/XP/2003/Vista/Windows 7 Task Manager, process viewers (Process Explorer, WinTasks etc.), Start Menu and Windows Startup list. Visual surveillance - periodically makes screenshots and stores the compressed images to log. Chat monitoring - Ardamax Keylogger is designed to record and monitor both sides of a conversation in following chats:AIM Windows Live Messenger 2011 ICQ 7 Skype 4 Yahoo Messenger 10 Google Talk Miranda QiP 2010 Security - allows you to protect program settings, Hidden Mode and Log file. Application monitoring - keylogger will record the application that was in use that received the keystroke! Time/Date tracking - it allows you to pinpoint the exact time a window received a keystroke! Powerful Log Viewer - you can view and save the log as a HTML page or plain text with keylogger Log Viewer. Small size – Ardamax Keylogger is several times smaller than other programs with the same features. It has no additional modules and libraries, so its size is smaller and the performance is higher. Ardamax Keylogger fully supports Unicode characters which makes it possible to record keystrokes that include characters from Japanese, Chinese, Arabic and many other character sets. It records every keystroke. Captures passwords and all other invisible text. Other Features: Windows 2000/2003/XP/Vista/Windows 7/Windows 8 support Monitors multi-user machines Automatic startup Friendly interface Easy to install