• Download the spy program. Review of the best mobile spies Install spyware

    Keyloggers or keyboard spies have been around since the early days of computers. They are used in a wide variety of fields of activity. From office applications, when the director wants to know everything his employees are doing, to large-scale spy programs organized by the American NSA.

    Tracking programs allow you to perform a very wide range of tasks: take screenshots, monitor via a webcam, record audio from a microphone, determine the geoposition of a laptop, send reports along with files of the specified type, duplicate the browser history in case it is deleted, and do many other things.

    The word keylogger itself is a familiar but not entirely correct name. The first PC user tracking utilities actually logged only keystrokes and behaved almost like regular programs. As they developed, they learned to hide their activity better and collect much more data about the actions of the computer user.

    The possibility of hidden launch made it possible to classify them as “potentially malicious” to the delight of antivirus manufacturers. With the spread of accessible Internet, keyloggers now have functions for sending logs and remote control. This gave rise to classifying them as Trojans and backdoors, which is why some authors abandoned the release of updates, while others accepted the challenge and began to look for methods to bypass antiviruses.

    The first keylogger was installed by the KGB in 1976 on IBM Selectric typewriters at the American embassy and consulate. It was discovered only 8 years later.

    Today, spyware has to be hidden not only from the user, but also from anti-virus scanners. Improving camouflage methods has become a mandatory and constant process. Even true hackers rarely had enough patience for it, since they wrote keyloggers mainly for fun. For example, Ghost Spy, the best keylogger of its time, has lost its relevance.

    Most other developers began selling simpler programs for “parental control” under the guise of cool keyloggers. They weakly mask their presence in the system, and for normal operation you usually need to add them to antivirus exceptions and create allowing firewall rules.

    Of course, parental control, password interception, and user tracking are far from the only purposes of these programs. There can be many options for use: some keyloggers allow you to search for stolen laptops, simultaneously collecting evidence of guilt and logging all the actions of thieves, and remote listening and connecting to a webcam are excellent security functions.

    So let's move on to our review:

    THE RAT!

    The Rat program, written by a man with the pseudonym HandyCat, is an example of true assembly language art. This is a whole series of keyloggers, and some versions even provide for remote installation. According to the author, The RatKid fork was originally intended to be a simplified version. However, it soon turned into a separate utility, temporarily even more powerful than its ancestor. Now the internal competition has been eliminated: The Rat and The RatKid are almost identical. Separately, there is only the old The Rat v.10, optimized for Windows XP. The latest release - The Rat v.13 Lucille - was created in May of this year. You can download both the full version and the demo version.


    This is what TheRat control panel looks like

    Each The Rat distribution is an archive within an archive. Inside the .zip there is a self-extracting WinRAR module, protected by a password. In the demo it says: TheRatKlg. To find out the password for the full version, you must contact HandyCat at the address indicated on the website. After unpacking the archive, you will receive two executable files: RatCenter.exe - control center and RatExtractor.exe - log viewer. There is also detailed help and a license file.

    The entire file set takes up 1.6 MB, but most of this space is in the control center GUI. Thanks to the packer, the keylogger itself fits into 20 KB of code, and the unpacked version into 50 KB. It works with any keyboard layout, including Arabic and Japanese. Compatibility has been tested on all versions of Windows from XP to 8.1. It has not yet been tested on the “ten”, but it should work.

    By default, the option to notify the user about being tracked is checked in the settings. In the demo version, it does not turn off, and every time Windows is restarted, a corresponding program window appears on the screen with a single OK button. In the full version, unmasking can be disabled. In addition, it has another unique component - a program for merging multiple files, FileConnector. It can attach a keylogger to any executable or multimedia file. The result of FileConnector will always be a new executable containing the code of the source program and The Rat.

    True, this is only relevant for spying on inexperienced users who will not be confused by the sudden appearance of the .exe extension. Restrictions: the source and final files must contain only Latin characters and numbers in the name.

    The main purpose of FileConnector is to facilitate remote installation using social engineering. For example, you can send the user a cool game or a self-extracting archive with important documents with a keylogger attached. The full version of The Rat also uses an executable packer/encryptor to reduce the size of the addon and make it harder to detect.


    TheRat can also be a sniffer

    In addition to all the traditional keylogger functions, The Rat can track activity in pre-selected application windows and respond to keywords, take screenshots at a specified time interval or every time the Enter key is pressed. This significantly reduces the amount of garbage in the logs and simplifies their transfer. The full-featured version additionally performs the tasks of a sniffer: it logs all work on the Internet and local network in as much detail as possible. Unlike other keyloggers, The Rat can intercept the substitution of stored passwords and data from autofilled forms.

    The Rat also has an interesting local search engine feature. It can secretly find one or more files using a predefined mask, and then send copies of them along with the log by mail or to FTP specified in the Rat(Kid)Center settings. I will describe below how to search for FTP with anonymous login and recording capabilities.

    The Shodan shadow internet search engine will help us get the latest list of FTP servers. A list of anonymous FTPs is generated upon request 230 Anonymous access granted . Choose the first one you like and try to upload a file to it. If it works, share the link with a friend or check the next one. During the test, two suitable servers were found in two minutes, and through a free Shodan account.

    Many of the old keyloggers are no longer relevant due to the transition of SMTP servers to secure connections. The Rat supports the TLS protocol, and therefore is able to send logs through modern email services. If the keylogger user has physical access to the monitored computer, then another non-trivial method of obtaining the log will be useful to him - autocopying. Starting from the eleventh version, Rat(Kid) Center can create a flash drive, which, when inserted into USB, will automatically record the keylogger log.

    The key feature of all the latest versions of TheRat is that it works on the principle of disembodied viruses. When running The RatKid, as well as The Rat v.11 and higher, no separate executable files are created. It is launched once from the control center or a modified executable, and then completely hides traces of its presence and exists only in RAM. Any regular shutdown, and even a reboot by briefly pressing Reset, leaves it in the system. You can remove The Rat(Kid) using the separate Rat(Kid) Finder utility included with the corresponding full version. It detects the keylogger itself, finds the log it created, allows you to change settings and find out the hot keys to disable the keylogger.
    An alternative option for unloading it is to immediately de-energize the computer. It only works if no additional security measures were taken when installing the keylogger. On desktop systems, this will require unplugging the power cord, and on laptops, the battery.


    Simply turning it off with a button is useless. A “rat” of fifty kilobytes in size can be easily stored not only in RAM, but also in the cache of the processor, drive, CMOS and any other available memory that will not be reset if there is a standby power source.

    If The Rat was attached to any executable file from the autorun list, then to remove the keyboard interceptor after turning off the computer, you will first have to load another OS and find a modified executable. This is best done by disk auditors (for example, AVZ has this function) and programs that can calculate hash functions.


    For example, Autoruns will check not only hashes, but also the digital signatures of startup objects, and send all suspicious files to the VirusTotal online verification service. However, this is not a panacea. A small keylogger file will not necessarily be embedded in another. It can exist as a satellite - for example, in alternative NTFS streams.
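    An added example, not from the original article and not the code of AVZ or Autoruns: a small offline hash audit of the kind described above, meant to be run from a second OS against the mounted system volume. The file names, the baseline format and the demo directory tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root, rel_paths):
    """Record size and SHA-256 of each startup executable while the system is known-good."""
    root = Path(root)
    return {
        rel: {"size": (root / rel).stat().st_size, "sha256": sha256_file(root / rel)}
        for rel in rel_paths
    }


def audit(root, baseline, exts=(".exe", ".dll", ".sys")):
    """Compare a mounted volume with the baseline.

    Returns (status, relative_path, detail) tuples for files that are missing,
    whose content changed, or that appeared next to a baselined executable.
    """
    root = Path(root)
    findings = []
    for rel, rec in sorted(baseline.items()):
        p = root / rel
        if not p.is_file():
            findings.append(("missing", rel, ""))
        elif sha256_file(p) != rec["sha256"]:
            # A binder that glues extra code onto a program changes hash and size.
            findings.append(("modified", rel, f"size {rec['size']} -> {p.stat().st_size}"))

    known = {rel.lower() for rel in baseline}
    watched_dirs = sorted({Path(rel).parent.as_posix() for rel in baseline})
    for d in watched_dirs:
        folder = root / d
        if not folder.is_dir():
            continue
        for p in sorted(folder.iterdir()):
            rel = p.relative_to(root).as_posix()
            if p.is_file() and p.suffix.lower() in exts and rel.lower() not in known:
                findings.append(("new", rel, f"size {p.stat().st_size}"))
    return findings


def demo():
    """Build a constructed tree, baseline it, simulate tampering, and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {  # constructed sample files, not real programs
            "Program Files/Player/player.exe": b"MZ" + b"\x00" * 4096,
            "Program Files/Sync/sync.exe": b"MZ" + b"\x01" * 2048,
        }
        for rel, data in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        baseline = build_baseline(root, files)

        # Simulated change: filler bytes appended to one program, one new library.
        with open(root / "Program Files/Player/player.exe", "ab") as f:
            f.write(b"X" * 20480)
        (root / "Program Files/Sync/helper.dll").write_bytes(b"MZ" + b"\x02" * 512)

        return audit(root, baseline)


if __name__ == "__main__":
    for status, rel, detail in demo():
        print(f"{status:9} {rel} {detail}")
```

    A hash of a file's main data stream does not cover alternate NTFS streams, so the satellite case mentioned above needs a separate stream listing.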

    The advantages of The Rat also include its invisibility in the list of processes for all known viewers, the complete absence of entries in the registry, the ability to bypass some software firewalls (including those that check file checksums) and the ability to self-destruct at a specified time, leaving no traces and no reboot required.

    The keylogger has one drawback - predictable and significant: currently its files are detected by most antiviruses. Therefore, before using them on the target computer, they will have to be modified by packers with the function of encrypting or obfuscation of the code.

    SPYGO

    SpyGo is a fundamentally different keylogger for Windows (from XP to 8.1, the 64-bit version is also supported). It uses much less aggressive behavior. Because of this, it is relatively easy to detect, but it is considered completely legal. Its author does not even hide behind a nickname - he is a programmer Anton Kartashov from the city of Berdsk, Novosibirsk region. He is trying to develop the project not so much as hacker software for espionage, but as a legal monitoring tool.


    The developer is doing everything possible to avoid SpyGo from being included in antivirus databases. Although the distribution is encrypted using Enigma Protector, it is digitally signed by Spygo Software, certified by the Comodo certification center. So far, only two out of fifty scanners swear at SpyGo (more precisely, at the packer), and even then at the level of paranoid heuristics.

    This keyboard interceptor is available in Lite, Home and Ultima Edition. The latest release (3.6 build 50315) was released in June of this year. The differences between versions relate mainly to advanced functions. In Lite and Home, remote listening via a microphone and determining the location of the monitored laptop are not available. Also, in these versions all remote functions do not work: remote viewing of logs, broadcasting the on-screen image over the network, monitoring via a webcam, managing the program itself and uninstalling it. The Lite version lacks the function of delivering reports (by email or FTP) and instant notification by email about visiting websites marked as “undesirable”.

    We tested the Ultima Edition, which does almost everything. Of course, among the implemented functions there is recording of keystrokes and copying text from the clipboard. SpyGo also logs general statistics about computer use: the time it was turned on and off, the launch of certain programs and actions in them. The keylogger watches the browser especially closely: it collects statistics on sites visited and tracks search queries. Additional features include taking screenshots (works also in games and when watching movies), receiving photos from a webcam, creating a log of all operations with files in a selected directory or on the entire disk, as well as connecting removable media.

    Among ordinary users, the most popular options now include monitoring the actions of their household members on social networks and reading their correspondence in various instant messengers. SpyGo can do all this and records it in the log in a row or by catching only individual phrases using keywords.


    This is what SpyGo logs look like


    SpyGo is also interesting because it can launch at a certain time and perform selective monitoring - this helps reduce the size of the log. All logs are encrypted. It is assumed that they can only be viewed from SpyGo. Recorded events are grouped into tabs in the report. They provide a fairly accurate picture of the user's experience, but there are also discrepancies. For example, in the AVZ utility we simply performed a quick scan, and in the “Keys pressed” section of the log file the strange text “eeeeeee…” was displayed on two lines. In other programs, confirmation of an action by clicking the mouse corresponded to a record of entering “y”, which fits into the console logic of operation.


    Antivirus easily finds SpyGo

    Initially, the program operates explicitly. The installation wizard even creates a shortcut on the desktop, and in the settings there is a separate option “Notify the user of this computer about monitoring.” If you check it, a warning text will be displayed when you turn on the computer. This was done in order to avoid accusations of illegal surveillance. For example, everyone is already accustomed to the “Video surveillance is underway” stickers and the auto-informer phrases “All conversations are being recorded.” It's the same here: corporate politics and the struggle for discipline.

    The “quiet” mode, natural for the keylogger, is turned on manually after the first launch. It removes the program window, hides it from the taskbar, the list of installed programs, and masks activity in every possible way. You can return the SpyGo window by pressing a preset key combination (by default it is ). If you forgot the tricky combo, you can restart the installation of the program and see its working copy (or the password entry window, if one is specified). This is not done in the spirit of a ninja, but it helps those suffering from sclerosis.


    Adding a library when installing a program

    Hiding a running program works both in the system process manager and in its advanced analogues like Process Explorer. Popular antiviruses also ignore the work of the keylogger, but it is instantly identified by the AVZ analyzer as a masquerading process.

    The keylogger does not really hide in the file system. It only sets the "hidden" attribute on its directory, so that it will not be visible in Explorer with default settings. Naturally, it remains visible to other file managers at the standard address C:\ProgramData\SGO\sgo.exe. You can specify a different installation path, but this helps little - the executable is always the same, otherwise it would be defined as a polymorphic virus.
    A comparison of the startup sections before and after installing SpyGo shows the addition of the RTDLib32.dll library. Antiviruses let it through, but it sticks out quite clearly in the system.
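
    An added example, not from the original article or any tool it names: the before/after comparison of startup entries described above, done over two snapshots in a simple CSV form. The snapshot format, the benign entries and the directory shown for RTDLib32.dll are constructed; only the names RTDLib32.dll and C:\ProgramData\SGO come from the article.

```python
import csv
import io
import ntpath

# Constructed snapshots of startup entries (location, entry name, image path).
BEFORE = r"""
location,entry,image_path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,AudioTray,C:\Program Files\Audio\tray.exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Sync,C:\Users\demo\AppData\Local\Sync\sync.exe
"""

# Same system after installation. The AudioTray path differs only in case,
# which must not be reported. The location of the new entry is a placeholder
# because the article does not name the startup section.
AFTER = r"""
location,entry,image_path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,AudioTray,c:\program files\audio\TRAY.EXE
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Sync,C:\Users\demo\AppData\Local\Sync\sync.exe
<startup section not named in the article>,RTDLib32,C:\ProgramData\SGO\RTDLib32.dll
"""


def _norm(path):
    """Normalise a Windows path so case and slash differences do not create noise."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def load_snapshot(text):
    """Parse a snapshot into {(location, entry): {entry, image}} with normalised keys."""
    rows = {}
    for r in csv.DictReader(io.StringIO(text.strip())):
        key = (r["location"].strip().lower(), r["entry"].strip().lower())
        rows[key] = {"entry": r["entry"].strip(), "image": _norm(r["image_path"])}
    return rows


def _reasons(image):
    """Explain why a new or changed startup image deserves a closer look."""
    reasons = []
    if image.endswith(".dll"):
        reasons.append("library registered for startup")
    if image.startswith("c:\\programdata\\"):
        reasons.append("image under ProgramData")
    return reasons


def diff_snapshots(before_text, after_text):
    """Return (status, entry, image, reasons) for added, changed and removed entries."""
    before, after = load_snapshot(before_text), load_snapshot(after_text)
    findings = []
    for key in sorted(after):
        new, old = after[key], before.get(key)
        if old is None:
            findings.append(("added", new["entry"], new["image"], _reasons(new["image"])))
        elif old["image"] != new["image"]:
            findings.append(("changed", new["entry"], new["image"], _reasons(new["image"])))
    for key in sorted(set(before) - set(after)):
        findings.append(("removed", before[key]["entry"], before[key]["image"], []))
    return findings


if __name__ == "__main__":
    for status, entry, image, reasons in diff_snapshots(BEFORE, AFTER):
        print(status, entry, image, "; ".join(reasons))
```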

    There are many different keyloggers you can find, and each of them is interesting to study. However, in the end, any of them will be an analogue of the toothy The Rat or the cute SpyGo. These two different approaches to writing dual-use utilities will always coexist. If you need to protect your laptop, keep an eye on your child or a careless employee, feel free to install SpyGo and control all actions through a convenient interface. If complete secrecy is required, use the assembler “Rat” as a basis and hide it from antiviruses during installation as best you can. Then she will run on her own, gnawing holes even in a powerful defense. The Rat is exceptionally difficult to detect on a live system, and this keylogger is well worth the effort. Chances are you'll be able to write your own by the time you fully understand it.

    When using the Internet, you should not assume that your privacy is protected. Ill-wishers often monitor your actions and seek to obtain your personal information using special malware - spyware. This is one of the oldest and most common types of threats on the Internet: these programs enter your computer without permission to initiate various illegal activities. It is very easy to fall victim to such programs, but it can be difficult to get rid of them - especially when you do not even know that your computer is infected. But don't despair! We will not leave you alone with threats! You just need to know what spyware is, how it gets onto your computer, how it tries to harm you, how to eliminate these programs, and how you can prevent spyware attacks in the future.

    What is spyware?

    History of spyware

    The term “spyware” was first mentioned in 1996 in one of the specialized articles. In 1999, this term was used in press releases and already had the meaning that is assigned to it today. It quickly gained popularity in the media. A little time passed, and in June 2000 the first application designed to combat spyware was released.

    In October 2004, the media company America Online and the National Cyber Security Alliance (NCSA) conducted a study on this phenomenon. The result was incredible and frightening. About 80% of all Internet users have at one time or another encountered spyware infiltrating their computers; approximately 93% of computers had spyware components, while 89% of users were unaware of it. And almost all users who were victims of spyware (about 95%) admitted that they did not give permission to install it.

    Today, the Windows operating system is the preferred target for spyware attacks due to its widespread use. However, in recent years, spyware developers have also been paying attention to the Apple platform and mobile devices.

    Spyware for Mac

    Historically, spyware authors have targeted the Windows platform as their main target because it has a larger user base than the Mac platform. Despite this, the industry experienced a significant surge in Mac malware activity in 2017, with the majority of attacks carried out through spyware. Mac spyware has a similar behavior pattern to Windows spyware, but is dominated by password stealers and general-purpose backdoors. Malicious activities of software belonging to the second category include remote execution of malicious code, keylogging, screen capture, arbitrary file upload and download, password phishing, etc.

    In addition to malicious spyware, so-called “legitimate” spyware is also common on the Mac. These programs are sold by real companies on official websites, and their main purpose is to control children or employees. Of course, such programs are a classic “double-edged sword”: they allow the possibility of abuse of their functions, since they provide the average user with access to spyware tools without requiring any special knowledge.

    Spyware for mobile devices

    Spyware does not create a shortcut and can reside in the mobile device's memory for a long time, stealing important information such as incoming/outgoing SMS messages, incoming/outgoing call logs, contact lists, email messages, browser history and photos. In addition, mobile device spyware can potentially track keystrokes, record sounds within the range of your device's microphone, take photos in the background, and track your device's position using GPS. In some cases, spyware even manages to control the device using commands sent via SMS and/or coming from remote servers. Spyware sends stolen information via email or via data exchange with a remote server.

    Don't forget that consumers are not the only target of spyware hackers. If you use your smartphone or tablet at work, hackers can attack your employer's organization through vulnerabilities in the mobile device system. Moreover, computer security incident response teams may not be able to detect attacks carried out through mobile devices.

    Spyware typically infiltrates smartphones in three ways:

    • An unsecured free Wi-Fi network that is often installed in public places, such as airports and cafes. If you are registered on such a network and transmit data through an unsecured connection, attackers can monitor all the actions you perform while you remain on the network. Pay attention to warning messages that appear on your device's screen, especially if they indicate a failure to verify the server's identity. Take care of your safety: avoid such unsecured connections.
    • Operating system vulnerabilities can create the preconditions for malicious objects to penetrate a mobile device. Smartphone manufacturers often release operating system updates to protect users. Therefore, we recommend that you install updates as soon as they become available (before hackers try to attack devices that have outdated software installed).
    • Malicious objects are often hidden in seemingly ordinary programs - and the likelihood of this increases if you download them from websites or messages rather than through the app store. It's important to pay attention to warning messages when installing apps, especially if they ask for permission to access your email or other personal data. Thus, we can formulate the main security rule: use only trusted resources for mobile devices and avoid third-party applications.

    Who is targeted by spyware?

    Unlike other types of malware, spyware developers do not aim to target any specific group of people with their products. On the contrary, in most attacks, spyware spreads its networks very widely to target as many devices as possible. Consequently, every user is potentially a target for spyware, because, as attackers rightly believe, even the smallest amount of data will sooner or later find its buyer.

    For example, spammers buy email addresses and passwords to send malicious spam or impersonate someone else. As a result of spyware attacks on financial information, someone can lose funds in a bank account or become a victim of scammers who use real bank accounts in their scams.

    Information obtained from stolen documents, images, videos and other digital forms of data storage can be used for extortion.

    Ultimately, no one is safe from spyware attacks, and hackers don't think much about whose computers they infect in pursuit of their goals.

    What should I do if my computer is infected?

    Once inside a system, spyware tends to remain undetected and can only be detected if the user is experienced enough and actually knows where to look. So many users continue to work, unaware of the threat. But if you think that spyware has penetrated your computer, you must first clean the system of malicious objects so as not to compromise new passwords. Install a reliable antivirus that is capable of providing adequate cybersecurity and uses aggressive algorithms to detect and remove spyware. This is important because only aggressive antivirus actions can completely remove spyware artifacts from the system, as well as restore damaged files and broken settings.

    Once your system has been cleared of threats, contact your bank to alert them to potential malicious activity. Depending on what information was compromised on the infected computer (especially if it is connected to a business or organizational network), you may be required by law to report the virus to law enforcement or make a public statement. If the information is of a sensitive nature or involves the collection and transmission of images, audio and/or video, you should contact a law enforcement official to report potential violations of federal or local laws.

    One last thing: Many identity theft protection vendors claim that their services can detect fraudulent transactions or temporarily freeze your credit account to prevent damage from malware. At first glance, blocking a credit card is a really sound idea. However, Malwarebytes strongly recommends against purchasing identity theft protection products.

    How to protect yourself from spyware?

    The best protection against spyware, as with most types of malware, depends primarily on what you do. Please follow these basic guidelines to ensure your cybersecurity:

    • Do not open emails from unknown senders.
    • Do not download files from unverified sources.
    • Before clicking on a link, hover your mouse over it to see which web page it will take you to.

    But as users have become more cybersecurity savvy, hackers have become smarter, too, creating increasingly sophisticated ways to deliver spyware. This is why installing a proven antivirus is extremely important to combat the latest spyware.

    Look for antiviruses that provide real-time protection. This feature allows you to automatically block spyware and other threats before they can harm your computer. Some traditional antivirus and other cybersecurity tools rely heavily on signature-based detection algorithms—which are easy to bypass, especially when it comes to modern threats.
    You should also pay attention to the presence of functions that block the penetration of spyware into your computer. For example, this could include anti-exploit technology and protection against malicious websites that host spyware. The premium version of Malwarebytes has a proven track record of providing reliable anti-spyware protection.

    In the digital world, dangers are an integral part of online reality and can await you at every step. Fortunately, there are simple and effective ways to protect yourself from them. If you maintain a healthy balance between antivirus use and basic precautions, you can protect every computer you use from spyware attacks and the criminals behind them.

    Who among us hasn’t wanted to feel like a cool hacker at least once and break at least something? :) And even if not, everyone has thought at least once about how great it would be to get the password to the mail or social network account of a friend, wife/husband, or roommate. :) Yes, and you have to start somewhere, after all! A significant part of attacks (hacking) involves infecting the victim’s computer with so-called keyloggers (spyware).

    So, in today’s article we’ll talk about what are free programs for monitoring windows-based computers, where you can download their full versions, how to infect a victim’s computer with them, and what are the features of their use.

    But first, a little introduction.

    What are keyloggers and why are they needed?

    I think you yourself have guessed what it is. As a rule, it is a program that is installed covertly (although this is not always the case) on the victim’s computer, after which it records absolutely all keystrokes on that machine. In addition to the keystrokes themselves, the following is usually recorded: the date and time of the keystroke (action) and the program in which the action was performed (browser, including the website address (hurray, we immediately see what the passwords are for!); local application; system services (including Windows login passwords), etc.).

    From here one of the problems is immediately visible: I got access to my neighbor’s computer for a couple of minutes and I want to get her password from VK! I installed the miracle program and returned the computer. How can I look up passwords later? Looking for a way to take the computer from her again? The good news is: usually not. Most keyloggers are capable of not only storing the entire accumulated database of actions locally, but also sending it remotely. There are many options for sending logs:

    • A fixed e-mail (there may be several) is the most convenient option;
    • FTP server (who has it);
    • SMB server (exotic, and not very convenient).
    • A fixed flash drive (you insert it into the USB port of the victim’s computer, and all logs are copied there automatically in invisible mode!).

    Why is all this needed? I think the answer is obvious. In addition to the banal stealing of passwords, some keyloggers can do a number of other nice things:

    • Logging correspondence in specified social networks or instant messengers (for example, Skype).
    • Taking screenshots of the screen.
    • View/capture webcam data (which can be very interesting).

    How to use keyloggers?

    And this is a difficult question. You need to understand that just finding a convenient, functional, good keylogger is not enough.

    So, what is needed for a spy program to work successfully?

    • Administrator access to a remote computer.
      Moreover, this does not necessarily mean physical access. You can easily access it via RDP (Remote Desktop Service); TeamViewer; AmmyAdmin, etc.
      As a rule, the greatest difficulties are associated with this point. However, I recently wrote an article about how to get administrator rights in Windows.
    • Anonymous e-mail / ftp (by which you will not be identified).
      Of course, if you are breaking Aunt Shura for your neighbor, this point can be safely omitted. The same applies if you always have the victim’s computer at hand (à la finding out your brother/sister’s passwords).
    • Lack of working antiviruses / internal Windows protection systems.
      Most public keyloggers (which will be discussed below) are known to the vast majority of antivirus software (although there are logger viruses that are built into the OS kernel or system driver, and antiviruses can no longer detect or destroy them, even if they have detected them). Due to the above, anti-virus software, if any, will have to be mercilessly destroyed. In addition to antiviruses, systems like Windows Defender (these first appeared in Windows 7 and onwards) also pose a danger to our spyware. They detect suspicious activity in software running on a computer. You can easily find information on how to get rid of them on Google.

    These, perhaps, are all the necessary and sufficient conditions for your success in the field of stealing other people’s passwords / correspondence / photos or whatever else you want to encroach on.

    What types of spyware are there and where can I download them?

    So, let's start with a review of the main keyloggers that I used in my daily practice with links to free downloads of their full versions (i.e., all versions are the latest at the moment (for which it is possible to find a cure) and with already working and tested cracks).

    0. The Rat!

    Ratings (out of 10):

    • Stealth: 10
    • Convenience/usability: 9
    • Functionality: 8

    It's just a bomb, not a keylogger! In working condition it takes 15-20 KB. Why be surprised: it is written entirely in assembly language (veteran programmers shed tears) and written mostly by enthusiastic hackers, due to which the level of its secrecy is simply amazing: it works at the OS kernel level!

    In addition, the package includes FileConnector - a mini-program that allows you to connect this keylogger with absolutely any program. As a result, you get a new exe of almost the same size, and when launched, it works exactly like the program with which you glued it together! But after the first launch, your keylogger will be automatically installed in invisible mode with the parameters for sending logs that you have previously specified. Convenient, isn't it?

    An excellent opportunity for social engineering (bring a game file/presentation to a friend on a flash drive, or even just a Word document (I’ll tell you how to create an exe file that launches a specific word/excel file in one of my next articles), launch, everything is fine and wonderful, but the friend is already invisibly infected!). Or you simply send this file to a friend by mail (preferably a link to download it, since modern mail servers prohibit sending exe files). Of course, there is still a risk from antiviruses during installation (but it will not exist after installation).

    By the way, with the help of some other techniques you can glue any hidden installation distribution (these are found in The Rat! and Elite keylogger) not only with exe files (which still cause suspicion among more or less advanced users), but also with ordinary word / excel and even pdf files! No one will ever think anything about a simple pdf, but that’s not the case! :) How this is done is the topic of a whole separate article. Those who are especially zealous can write me questions through the feedback form. ;)

    Overall, The Rat! can be described for a very long time and a lot. This was done much better than me. There is also a download link there.

    1. Elite keylogger

    Ratings (out of 10):

    • Stealth: 10
    • Convenience/usability: 9
    • Functionality: 8

    Perhaps one of the best keyloggers ever created. Its capabilities, in addition to the standard set (interception of all keystrokes in the context of applications / windows / sites), include interception of instant messenger messages, pictures from a webcam, and also - which is VERY important! - interception of WinLogon service passwords. In other words, it intercepts Windows login passwords (including domain ones!). This became possible thanks to its work at the system driver level and launch even at the OS boot stage. Due to this same feature, this program remains completely invisible to both Kaspersky and all other anti-malware software. Frankly, I have not met a single keylogger capable of this.

    However, you shouldn’t delude yourself too much. The installer itself is recognized by antiviruses very easily and to install it you will need administrator rights and disabling all antivirus services. After installation, everything will work perfectly in any case.

    In addition, the described feature (working at the OS kernel level) introduces requirements for the OS version on which the keyloggers will work. Version 5-5.3 (links to which are given below) supports everything up to and including Windows 7. Win 8 / 10, as well as Windows server family (2003 / 2008 / 2012) are no longer supported. There is version 6, which functions perfectly, incl. on win 8 and 10, however, it is currently not possible to find a cracked version. It will probably appear in the future. In the meantime, you can download Elite keylogger 5.3 from the link above.

    There is no network operation mode, therefore it is not suitable for use by employers (to monitor the computers of their employees) or an entire group of people.

    An important point is the ability to create an installation distribution with predefined settings (for example, with a specified email address where logs will need to be sent). At the same time, at the end you get a distribution kit that, when launched, does not display absolutely any warnings or windows, and after installation it can even destroy itself (if you check the appropriate option).

    Several screenshots of version 5 (to show how beautiful and convenient everything is):

    2. All-in-one keylogger.

    Ratings (out of 10):

    • Stealth: 3
    • Convenience/usability: 9
    • Functionality: 8

    It is also a very, very convenient thing. The functionality is quite at the level of Elite keylogger. Things are worse with secrecy. Winlogon passwords are no longer intercepted, it is not a driver, and is not built into the kernel. However, it is installed in system and hidden AppData directories, which are not so easily accessible to unauthorized users (not those on whose behalf it is installed). Nevertheless, antiviruses sooner or later successfully do this, which makes this thing not particularly reliable and safe when used, for example, at work to spy on your own superiors. ;) Gluing it to something or encrypting the code to hide it from antiviruses will not work.

    Works on any version of Win OS (which is nice and practical).

    As for the rest, everything is fine: it logs everything (except Windows login passwords), sends it anywhere (including e-mail, ftp, fixed flash drive). In terms of convenience, everything is also excellent.

    3. Spytech SpyAgent.

    Ratings (out of 10):

    • Stealth: 4
    • Convenience/usability: 8
    • Functionality: 10

    Also a good keylogger, although with dubious secrecy. Supported OS versions are also all possible. The functionality is similar to previous options. There is an interesting self-destruct function after a specified period of time (or upon reaching a predetermined date).

    In addition, it is possible to record video from a webcam and sound from a microphone, which can also be very popular and which the previous two representatives do not have.

    There is a network mode of operation, which is convenient for monitoring an entire network of computers. By the way, StaffCop has it (it is not included in the review due to its uselessness for one user - an individual). Perhaps this program is ideal for employers to spy on their employees (although the leaders in this field are unconditionally StaffCop and LanAgent - if you are a legal entity, be sure to look in their direction). Or to keep track of your offspring who love to sit and watch “adult sites”. That is, wherever what is needed is not concealment but convenience (including a bunch of beautiful log reports, etc.) and functionality for blocking specified sites/programs (SpyAgent also has it).

    4. Spyrix Personal monitor.

    Ratings (out of 10):

    • Stealth: 4
    • Convenience/usability: 6
    • Functionality: 10

    The functionality is at the level of the previous candidate, but the same problems with secrecy. In addition, the functionality includes an interesting thing: copying files from USB drives inserted into the computer, as well as remote viewing of logs through a web account on the Spyrix website (but we are going to download a cracked version, so it will not work for us).

    5. Spyrix Personal monitor.

    Ratings (out of 10):

    • Stealth: 3
    • Convenience/usability: 6
    • Functionality: 8

    I won’t describe it in detail, because this instance does not have anything that one of the previous spies did not have; however, someone may like this keylogger (at least for its interface).

    What do we end up with?

    The issue of using a keylogger is more ethical than technical, and it greatly depends on your goals.

    If you are an employer who wants to control your employees, feel free to set up StaffCop, collect written permission from all employees for such actions (otherwise you may be seriously charged for such things) and the job is in the bag. Although I personally know more effective ways to increase the performance of my employees.

    If you are a novice IT specialist who just wants to experience what it’s like to break someone and how this thing works in general, then arm yourself with social engineering methods and conduct tests on your friends, using any of the examples given. However, remember: the detection of such activity by victims does not contribute to friendship and longevity. ;) And you definitely shouldn’t test this at your work. Mark my words: I have experience with this. ;)

    If your goal is to spy on your friend, husband, neighbor, or maybe you even do it regularly and for money, think carefully about whether it’s worth it. After all, sooner or later they may attract. And it’s not worth it: “rummaging through someone else’s dirty laundry is not a pleasant pleasure.” If you still need to (or maybe you work in the field of investigating computer crimes and such tasks are part of your professional responsibilities), then there are only two options: The Rat! and Elite Keylogger. In the mode of hidden installation distributions, glued with word / excel / pdf. And it’s better, if possible, encrypted with a fresh cryptor. Only in this case can we guarantee safer activities and real success.

    But in any case, it is worth remembering that the competent use of keyloggers is only one small link in achieving the goal (including even a simple attack). You don’t always have admin rights, you don’t always have physical access, and not all users will open, read, and even more so download your attachments/links (hello social engineering), the antivirus won’t always be disabled/your keylogger/cryptor won’t always be unknown to them . All these and many untold problems can be solved, but their solution is the topic of a whole series of separate articles.

    In short, you have just begun to dive into the complex, dangerous, but incredibly interesting world of information security. :)

    Sincerely, Lysyak A.S.

    Spyware is a type of malicious software that performs certain actions without the user's knowledge, such as displaying advertisements, collecting confidential information, or making changes to device settings. If your Internet connection slows down, your browser becomes slow, or other unusual behavior occurs, your computer may be infected with spyware.

    Steps

    Detecting and removing spyware on your Android device

    1. Know the signs of spyware. If your Internet connection speed drops frequently or your smartphone receives strange text messages, including messages from strangers, your device is most likely infected with spyware.

      • Spyware often generates messages with a random set of characters or asking you to enter a specific code.
    2. Check how applications use Internet traffic. Open the Settings app and tap Traffic Control. Scroll down the screen and see how much traffic is being consumed by each application. As a rule, spyware consumes a large amount of traffic.

    3. Back up your data. Connect your smartphone to your computer using a USB cable, and then drag important files (such as photos or contacts) to your hard drive.

      • Since the mobile device and the computer are running different operating systems, the computer will not be infected.
    4. Open the Settings app and tap Backup & Reset. A screen will open with several options, including the option to reset the device to factory settings.

    5. Tap "Reset to Factory Settings". This option is at the bottom of the Backup & Reset screen.

    6. Tap Reset Settings. The smartphone will automatically reboot and user data and applications, including spyware, will be deleted.

      • Please be aware that a factory reset will erase all user data. Therefore, be sure to back up important information.

      Using HijackThis (Windows)

      1. Download and install HijackThis. This is a utility that is designed to detect spyware. Double-click the installation file to run it. Once you have installed the utility, run it.

        • Similar software is Adaware or Malwarebytes.
      2. Click "Config". This button is located in the lower right corner of the screen in the "Other Stuff" section. The program settings will open.

        • In the settings, you can enable or disable certain features, such as file backup. It is recommended to create a backup if you are working with important files or software. The backup copy is small in size; moreover, it can be deleted later (from the folder where the backups are stored).
        • Please note that the "Make backups before fixing items" feature is enabled by default.
      3. Click "Back" to return to the main menu. This button replaces the Config button when the Settings window is open.

      4. Click Scan. This button is located in the lower left corner of the screen; a list of potentially dangerous files will be displayed. It is important to note that HijackThis quickly scans the most vulnerable nodes of the system, so not all files presented in the list will be malicious.

      5. Check the box next to the suspicious file and click “Info on selected item”. A window will open with detailed information about the file and the reason why it was included in the specified list. After checking the file, close the window.

        • The detailed information includes the location of the file, its possible uses, and the recommended action to take on the file.
      6. Click Fix checked. This button is located in the lower left corner of the screen; the HijackThis utility will either restore or delete the selected file (depending on the selected action).

        • You can select several files at once; to do this, check the box next to each of them.
        • Before performing any action, HijackThis will create (by default) a backup copy of the data so that the user has the opportunity to undo the changes made.
      7. Restore your data from backup. To undo any changes made by HijackThis, click "Config" in the bottom right corner of the screen and then click "Backup". From the list, select the backup file (its name includes the date and time it was created), and then click Restore.

        • Backups will be retained until you delete them. That is, you can close HijackThis and restore the data later.

      Using Netstat (Windows)

      1. Open a command prompt window. Netstat is a built-in Windows utility that can detect spyware and other malicious files. Press ⊞ Win + R to open the Run window, and then type cmd. The command line provides interaction with the operating system through text commands.

        • Use this method if you don't want to install additional software or want more control over the malware removal process.
      2. Enter the command netstat -b and press ↵ Enter. A list of processes that have access to the Internet (can open ports or use an Internet connection) will be displayed.

        • In this command, the -b option means "binary code". That is, the active “binaries” (executable files) and their connections will be displayed on the screen.
      3. Press Ctrl + Alt + Delete. The Windows Task Manager will open, listing all active processes. Scroll down the list and look for the malicious process that you detected using the Command Prompt.

      4. Right-click on the process name and select "Open file location" from the menu. A folder with a malicious file will open.

      5. Right-click on the file and select “Delete” from the menu. The malicious file will be sent to the Recycle Bin, which prevents processes from running.

        • If a window opens warning you that the file cannot be deleted because it is in use, return to the Task Manager window, highlight the process, and click End Process. The process will be completed and you can delete the corresponding file.
        • If you deleted the wrong file, double-click the Recycle Bin to open it, and then drag the file from the Recycle Bin to restore it.
      6. Right-click the Recycle Bin and select Empty from the menu. This will permanently delete the file.

      Using the Terminal (Mac OS X)

      1. Open a terminal. In the terminal, you can run a utility that will detect spyware (if, of course, there is any). Click "Applications" - "Utilities" and double-click "Terminal". The terminal provides interaction with the operating system through text commands.

        • The terminal icon can be found in Launchpad.
      2. Enter the command sudo lsof -i | grep LISTEN and press ⏎ Return. A list of active processes and information about their activity on the network will be displayed.

        • The sudo command grants root access to the command that follows, that is, allows you to view system files.
        • lsof is short for “list of open files”. That is, this command allows you to view running processes.
        • The -i option indicates that the list of active processes should be accompanied by information about their network activity, because spyware connects to the Internet to communicate with external sources.
        • grep LISTEN – this command selects processes that open certain ports (this is how spyware works).
      3. Enter your administrator password and press ⏎ Return. This is required by the sudo command. Please note that while you are entering your password, it will not appear in the terminal.

      4. Find out which processes are malicious. If you don't know the name of the process or it opens a port, it is most likely malware. If you are unsure about a particular process or port, search the process name on the Internet. Most likely, other users have already encountered unusual processes and have left reviews about their nature (malicious or harmless). If you are sure that a process is malicious, delete the file that starts the process.

        • If you still have not figured out the nature of the process, it is better not to delete the corresponding file, because this may lead to the crash of some program.
        • rm – short for “remove”.
        • Make sure this is the file you want to delete. Please note that the file will be permanently deleted. Therefore, we recommend that you create a backup copy in advance. Open the Apple menu and click System Preferences - Time Machine - Backup.
      Tips

      • If HijackThis returns too many suspicious files, click "Save Log" to create a text file with the results and post them on this forum. Perhaps other users will recommend what to do with this or that file.
      • Ports 80 and 443 are used by many trusted programs to access the network. Of course, spyware can use these ports, but this is unlikely, meaning spyware will open other ports.
      • Once you detect and remove spyware, change the passwords for each account you log into on your computer. It's better to be safe than sorry.
      • Some mobile apps that claim to detect and remove spyware on Android devices are actually unreliable or even fraudulent. The best way to clean your smartphone from spyware is to restore it to factory settings.
      • Factory reset is also an effective way to remove spyware on iPhone, but unless you have root access to system files, spyware will likely not be able to infiltrate iOS.

      Warnings

      • Be careful when deleting unfamiliar files. Deleting a file from the "System" folder (in Windows) may damage the operating system and force you to reinstall Windows.
      • Likewise, be careful when deleting files using the terminal in Mac OS X. If you think you have found a malicious process, first read about it on the Internet.
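The listener check from the Terminal (Mac OS X) steps above, as an added example that is not part of the original guide: it parses `lsof` output into one row per listening process, separates loopback-only listeners from those reachable over the network, and lists the network listeners that are not on a known-good list, so each can be researched before any file is deleted. The function names, the sample `lsof` lines and the allowlisted process names are all constructed for illustration.

```shell
#!/bin/sh
# Added example: triage of listening TCP sockets from lsof output.
# All sample lines below are constructed; no real host was scanned.

# Constructed sample in the column layout that "lsof -nP -i" prints.
sample_lsof_output() {
    cat <<'EOF'
COMMAND    PID  USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
cupsd      301  root    6u IPv6 0xa1      0t0  TCP [::1]:631 (LISTEN)
cupsd      301  root    7u IPv4 0xa2      0t0  TCP 127.0.0.1:631 (LISTEN)
sshd       415  root    4u IPv4 0xa3      0t0  TCP *:22 (LISTEN)
sshd       415  root    5u IPv6 0xa4      0t0  TCP *:22 (LISTEN)
rapportd   620  alice   8u IPv4 0xa5      0t0  TCP *:49152 (LISTEN)
updhelper 9412  alice   5u IPv4 0xa6      0t0  TCP *:48211 (LISTEN)
Safari    1203  alice  21u IPv4 0xa7      0t0  TCP 192.0.2.10:52344->198.51.100.7:443 (ESTABLISHED)
mDNSRespo  250  _mdnsresponder 9u IPv4 0xa8 0t0 UDP *:5353
EOF
}

# Reads lsof output on stdin and prints one tab-separated row per listener:
#   scope  command  pid  user  port
# scope is "loopback" when every bind address of that listener is local,
# otherwise "network". IPv4/IPv6 duplicates of one listener are merged.
summarize_listeners() {
    awk '
    $NF == "(LISTEN)" && $(NF-2) == "TCP" {
        name = $(NF-1)                       # e.g. *:22 or [::1]:631
        port = name; sub(/^.*:/, "", port)   # text after the last colon
        addr = name; sub(/:[^:]*$/, "", addr)
        key = $1 "\t" $2 "\t" $3 "\t" port
        loop = (addr == "127.0.0.1" || addr == "[::1]" || addr == "localhost")
        # A single non-loopback bind makes the whole listener network-facing.
        if (!(key in scope) || !loop) scope[key] = loop ? "loopback" : "network"
    }
    END { for (k in scope) print scope[k] "\t" k }
    ' | sort -t "$(printf '\t')" -k1,1r -k5,5n
}

# Prints network-facing listeners whose command name is not among the
# arguments (the allowlist). Output columns: command  pid  user  port
unexpected_listeners() {
    summarize_listeners | awk -F '\t' -v allow=" $* " '
        $1 == "network" && index(allow, " " $2 " ") == 0 {
            print $2 "\t" $3 "\t" $4 "\t" $5
        }'
}

# Demo on the constructed sample. On a live Mac, feed real data instead:
#   sudo lsof -nP -iTCP -sTCP:LISTEN | summarize_listeners
# (-n and -P keep addresses and ports numeric so the parsing stays exact).
sample_lsof_output | summarize_listeners
echo "--- not on the allowlist (sshd, rapportd assumed known-good) ---"
sample_lsof_output | unexpected_listeners sshd rapportd
```

A row in the second list is a lead to research (for example with `lsof -p <PID>` to see which file the process runs from), not proof that the process is malicious.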

    Almost all users today are familiar with viruses and the consequences of their impact on computer systems. Among all the threats that have become most widespread, a special place is occupied by spyware that monitors the actions of users and steals confidential information. Next, we will show what such applications and applets are, and discuss the issue of how to detect spyware on a computer and get rid of such a threat without harming the system.

    What is spyware?

    Let's start with the fact that spy applications, or executable applets, usually called Spyware, are not viruses as such in the usual sense. That is, they have virtually no impact on the system in terms of its integrity or performance, although when infecting computers they can constantly reside in RAM and consume part of the system resources. But, as a rule, this does not particularly affect the performance of the OS.

    But their main purpose is precisely to track the user’s work and, if possible, steal confidential data, spoof email for the purpose of sending spam, analyze requests on the Internet and redirect to sites containing malware, analyze information on the hard drive, etc. It goes without saying that any user must have at least a primitive anti-virus package installed for protection. True, for the most part, neither free antiviruses nor, especially, the built-in Windows firewall provide complete confidence in security. Some applications may simply not be recognized. This is where a completely logical question arises: “What then should be the protection of a computer from spyware?” Let's try to consider the main aspects and concepts.

    Types of spyware

    Before proceeding with a practical solution, you should clearly understand which applications and applets belong to the Spyware class. Today there are several main types:

    • key loggers;
    • hard drive scanners;
    • screen spies;
    • mail spies;
    • proxy spies.

    Each such program affects the system differently, so next we will look at how exactly spyware penetrates a computer and what they can do to an infected system.

    Spyware penetration methods into computer systems

    Today, due to the incredible development of Internet technologies, the World Wide Web is the main open and weakly protected channel that threats of this type use to penetrate local computer systems or networks.

    In some cases, spyware is installed on the computer by the user himself, as paradoxical as this may sound. In most cases, he doesn't even know about it. And everything is banally simple. For example, you downloaded a seemingly interesting program from the Internet and started the installation. In the first stages, everything looks as usual. But then sometimes windows appear asking you to install some additional software product or add-on to your Internet browser. Usually all this is written in small print. The user, trying to quickly complete the installation process and start working with the new application, often does not pay attention to this, agrees to all the conditions and... ultimately receives an embedded “agent” for collecting information.

    Sometimes spyware is installed on a computer in the background, then masquerading as important system processes. There may be plenty of options here: installing unverified software, downloading content from the Internet, opening dubious email attachments, and even simply visiting some unsafe resources on the Internet. As is already clear, it is simply impossible to track such an installation without special protection.

    Consequences of exposure

    As for the harm caused by spies, as already mentioned, this generally does not affect the system in any way, but user information and personal data are at risk.

    The most dangerous among all applications of this type are the so-called key loggers: simply put, they are the ones able to monitor the characters being typed, which gives an attacker the opportunity to obtain the same logins and passwords, bank details or card PIN codes, and anything else that the user would not want to make available to a wide range of people. As a rule, after all the data has been determined, it is sent either to a remote server or via e-mail, naturally, in hidden mode. Therefore, it is recommended to use special encryption utilities to store such important information. In addition, it is advisable to save files not on a hard drive (hard drive scanners can easily find them), but on removable media, or at least on a flash drive, and always along with the decryptor key.

    Among other things, many experts consider using the on-screen keyboard to be the safest, although they recognize the inconvenience of this method.

    Screen tracking in terms of what exactly the user is doing is dangerous only when confidential data or registration details are entered. The spy simply takes screenshots after a certain time and sends them to the attacker. Using the on-screen keyboard, as in the first case, will not give any results. And if two spies work simultaneously, then you won’t be able to hide anywhere.

    Email tracking is done through your contact list. The main goal is to replace the contents of the letter when sending it for the purpose of sending spam.

    Proxy spies are harmful only in the sense that they turn the local computer terminal into some kind of proxy server. Why is this necessary? Only to hide behind, say, the user’s IP address when committing illegal actions. Naturally, the user has no idea about this. Let’s say someone hacked the security system of a bank and stole a certain amount of money. Monitoring of actions by authorized services reveals that the hack was carried out from a terminal with such and such an IP, located at such and such an address. The secret services come to an unsuspecting person and send him to jail. There is really nothing good about this, is there?

    First symptoms of infection

    Now let's move on to practice. How to check your computer for spyware if suddenly, for some reason, doubts creep in about the integrity of the security system? To do this, you need to know how the impact of such applications manifests itself in the early stages.

    If for no apparent reason a decrease in performance is noticed, or the system periodically “freezes”, or refuses to work at all, first you should look at the load on the processor and RAM, and also monitor all active processes.

    In most cases, the user will see unfamiliar services in the same “Task Manager” that were not previously in the process tree. This is just the first warning sign. The creators of spyware are far from stupid, so they create programs that disguise themselves as system processes, and it is simply impossible to identify them manually without special knowledge. Then problems begin with connecting to the Internet, the start page changes, etc.

    How to check your computer for spyware

    As for scanning, standard antiviruses will not help here, especially if they have already missed the threat. At a minimum, you will need some kind of portable version like Kaspersky Virus Removal Tool (or better yet, something like Rescue Disc that checks the system before it boots).

    How to find spyware on your computer? In most cases, it is recommended to use highly targeted special programs of the Anti-Spyware class (SpywareBlaster, AVZ, XoftSpySE Anti-Spyware, Microsoft Antispyware, etc.). The scanning process in them is fully automated, as well as subsequent deletion. But here there are things that are worth paying attention to.

    How to remove spyware from your computer: standard methods and third-party software used

    You can even remove spyware from your computer manually, but only if the program is not disguised.

    To do this, you can go to the programs and features section, find the application you are looking for in the list and start the uninstallation process. True, the Windows uninstaller, to put it mildly, is not very good, since it leaves a bunch of computer garbage after the process is completed, so it is better to use specialized utilities like iObit Uninstaller, which, in addition to uninstalling in the standard way, allow you to perform in-depth scanning to search for residual files or even keys and entries in the system registry.

    Now a few words about the sensational Spyhunter utility. Many people call it almost a panacea for all ills. We beg to differ. It does scan the system, but sometimes it gives a false positive. That’s not the problem. The fact is that uninstalling it turns out to be quite problematic. For the average user, just the number of actions that need to be performed makes their head spin.

    What to use? Protection against such threats and a search for spyware on your computer can be done, for example, even using the ESET NOD32 or Smart Security package with the Anti-Theft function activated. However, everyone chooses for themselves what is better and easier for them.

    Legalized spying in Windows 10

    But that's not all. All of the above concerned only how spyware penetrates the system, how it behaves, etc. But what to do when espionage is legal?

    Windows 10 did not perform well in this regard. There are a bunch of services here that need to be disabled (communicating data with remote Microsoft servers, using identity to receive advertising, sending data to a company, determining location using telemetry, receiving updates from multiple places, etc.).

    Is there 100% protection?

    If you look closely at how spyware gets onto a computer and what it does afterwards, there is only one thing we can say about 100% protection: it does not exist. Even if you use the entire arsenal of security tools, you can be 80 percent sure of security, no more. However, there should be no provocative actions on the part of the user himself in the form of visiting dubious sites, installing unsafe software, ignoring antivirus warnings, opening email attachments from unknown sources, etc.