October 12, 2016
The latest addition to the malware scene is a new set of hacking tools advertised under the OffensiveWare brand, available as rentable MaaS (Malware-as-a-Service) toolkits, and sold on hacking forums by the same crook that developed the Aaron Remote Installable Keylogger (ARIK) and Ancalog Exploit Builder.
First signs of this new service appeared at the end of August when the hacker behind these tools started posting ads about his new product on HackForums, a popular destination for wannabe hackers.
The ads, which also included presentational YouTube videos, led buyers back to the OffensiveWare website, where they could buy several types of tools advertised under the OffensiveWare brand.
OffensiveWare’s remote keylogger
This list of tools included several variations of an exploit builder for weaponizing Office files (priced at $49, $99, $290) and a remote keylogger that also included a password dumper and screenshot-taking feature (priced at $80).
While the OffensiveWare author tried to boost his product by posting screenshots of good reviews he received from previous HackForums buyers, the OffensiveWare Remote Keylogger (ORK) was inferior to many spyware applications currently available on HackForums.
ORK currently includes the ability to steal passwords from email applications, browsers, social networks, and IM clients. Other keyloggers we wrote about in the past supported a larger number of targeted applications than ORK does, and also covered several other application types, such as Bitcoin wallets and FTP clients.