Cyber attacks and instances of computer hackings have increased dramatically throughout this year, largely due to the coronavirus pandemic and the lockdown that the while world went into. Much of the workforce across the globe shifted to working remotely. And as most people were forced to stay home for weeks on end, internet usage spiked significantly everywhere. So, naturally, hackers saw this as a golden opportunity to take advantage of the situation.
And aiding them on their criminal mission are powerful tools, such as the hacking programs we have listed here. For sure there are ones we are not aware of yet and are therefore not included in the list, as new hacking tools are constantly being developed and old ones are perfected. But we hope that this post at least gives you a decent glimpse into the arsenal of software weapons that hackers use to execute their attacks.
This is a security auditing tool that allows you to create a fake Wi-Fi access point. It is used for the purpose of rerouting traffic from wireless clients, and it can do so by means of pretending to be an existing network by making fake copies. As a result, users are disconnected from their actual networks with the help of special network packets, and they are then diverted to the rogue network.
Wifi-Pumpkin has been used repeatedly to facilitate extensive phishing campaigns. And hackers can use it together with other software and plugins to set post-execution processes.
- Ghost Tunnel
This is a script used for covert backdoor transmission and it allows hackers to attack users in isolated environments. All Ghost Tunnel needs for it to be effective is a device within a 50 meter range that has a Wi-Fi card. This tool can bypass firewalls and doesn’t need to have an established Wi-Fi connection with the network of the cybercriminals in order to successfully launch an attack.
Trape is a tool designed for sophisticated research and analysis, but what it serves cybercriminals for is the launch of social engineering attacks. It essentially allows you to obtain information from browsing sessions and different web services without showing any social interaction. And ironically, this tool was initially created for different researchers and organizations in order to track hackers. However, clearly, it has turned out to be a double-edged sword.
What is also particular about it is that it allows more specific targeting, so criminals can use it together with a set service or host to single out individual users and track them in real-time. And just like most of the other tools in this list, Trape is frequently utilized for phishing attacks.
- Build Your Own Botnet
The name speaks for itself. This software is actually used for security research and was developed for educational purposes mainly. Namely, it gives users insight into how botnets work and how they can be exploited for malicious tasks.
However, this software is open-source. And that means that anyone is free to modify it of their own accord, so it wasn’t long before hackers and cybercriminals started taking advantage of it, too.
Among other things, one of the dangerous features of Build Your Own Botnet (aka BYOB) is that it can avoid being detected by antivirus programs thanks to the fact that no information is written to the hard drive.
- King Phisher
Much like the previous entry in this list, King Phisher is also used to educate users and promote awareness about how phishing attacks are executed. This tool allows you to simulate such attacks without actually being designed to facilitate them for real.
But it, too, is open-source technology, which means that cybercriminals and hackers with malicious intents can modify it in order to do so. King Phisher has a whole range of features that make it ideal to run advanced real-time attacks against a large number of hosts. Furthermore, these attacks can be planned and set ahead of time, as well.
To top it off, King Phisher’s campaigns can seem strikingly legitimate due to the suite’s ability to customize emails and embed images in them. It can even use two-factor authentication.