Bank Hacking Tutorial Is Ardamax Keylogger In Disguise


Here's a strange one - a supposed "Bank Hacking Tutorial" that's actually nothing of the kind. Of course, suspicions should be raised by the fact that the "tutorial" is actually an executable:

bank_hack_tut1.jpg

When the file is run, a screenshot takes over the desktop. It appears to be a snap from inside someone's bank account containing around $4,000:

http://blog.spywareguide.com/upload/2008/01/bank_hack_tut2-thumb.jpg

Note the tabs at the bottom - "People I've hacked" and a notepad file called "Bank account". Was this all done purely to show off with some bragging rights? Well, sort of...once you close the screenshot, you're met with this on the desktop:

bank_hack_tut3.jpg

A "trial expired" notice for Ardamax keylogger, version 1.6 (currently it's at 1.7). The files are dumped into a numbered folder in the System32 Directory:

bank_hack_tut4.jpg

...and here's the Viewer that runs if you double-click AKV.exe:

http://blog.spywareguide.com/upload/2008/01/bank_hack_tut5-thumb.jpg

Now this could be an interesting way to social engineer a script kiddy into running a keylogger on their own PC (hey kid, check out my awesome bank hack tutorial!) - but I can't see it being much use when the version they're dumping onto the PC has expired?
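A triage check for the artifacts described above (a numbered folder under System32 holding AKV.exe), added here as an example and not part of the original post. It assumes "numbered" means an all-digit folder name; the function names and the sample tree are constructed for illustration.

```python
import sys
import tempfile
from pathlib import Path

VIEWER_NAME = "akv.exe"  # viewer file named in the post (AKV.exe), compared case-insensitively

def find_numbered_dirs(system32):
    """List digit-named subfolders of system32 and whether each holds AKV.exe."""
    findings = []
    for entry in sorted(Path(system32).iterdir()):
        # Assumption: "numbered folder" means a directory whose name is all digits.
        if not entry.is_dir() or not entry.name.isdigit():
            continue
        try:
            files = sorted(p.name for p in entry.iterdir() if p.is_file())
        except OSError:
            files = None  # unreadable: keep it in the report for manual review
        has_viewer = bool(files) and any(f.lower() == VIEWER_NAME for f in files)
        findings.append({"path": entry, "files": files, "has_viewer": has_viewer})
    return findings

def demo():
    """Scan a constructed tree; folder and file names other than AKV.exe are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        sys32 = Path(tmp) / "System32"
        (sys32 / "28463").mkdir(parents=True)
        (sys32 / "28463" / "AKV.exe").write_bytes(b"")
        (sys32 / "28463" / "sample.dat").write_bytes(b"")
        (sys32 / "1033").mkdir()     # Windows ships digit-named locale folders like this
        (sys32 / "drivers").mkdir()  # not digit-named, ignored
        return [(f["path"].name, f["has_viewer"]) for f in find_numbered_dirs(sys32)]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Pass a live System32 path or the same folder inside a mounted disk image.
        for f in find_numbered_dirs(sys.argv[1]):
            flag = "AKV.exe PRESENT" if f["has_viewer"] else "no viewer"
            print(f"{f['path']}  [{flag}]  files={f['files']}")
    else:
        print(demo())
```

Digit-named folders without the viewer are still listed, since legitimate ones exist and the viewer file could have been renamed or removed.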


About this Entry

This page contains a single entry by Christopher Boyd published on January 8, 2008 2:43 AM.
