Infernal Twin Updated 2.6.11 – Automated Wireless Hacking Suite

Infernal Twin is an automated wireless hacking suite written in Python which automates many of the repetitive tasks involved in security testing for wifi networks.

Infernal Twin - Automated Wireless Hacking Suite

Originally created to automate the Evil Twin attack, it has grown much beyond that into a comprehensive suite including various wireless attack vectors.

An evil twin attack is when a hacker sets its service identifier (SSID) to be the same as an access point at the local hotspot or corporate wireless network. The hacker disrupts or disables the legitimate AP by disconnecting it, directing a denial of service against it, or creating RF interference around it.

Users lose their connections to the legitimate AP and re-connect to the “evil twin,” allowing the hacker to intercept all the traffic to that device.


  • WPA2 hacking
  • WEP Hacking
  • WPA2 Enterprise hacking
  • Wireless Social Engineering
  • SSL Strip
  • Report Generation
  • Note Taking
  • Data saved in Database
  • Network mapping
  • MiTM
  • Probe Request

Latest Changes

  • Added Log retrieval button for various attack results.
  • Added BeeF XSS framework Integration
  • Added HTTP Traffic View within tool
  • Improved Infenral Wireless Attack
  • Visual View of some of the panel improved
  • Improved Basic Authentication during Social engineering assessment over wireless network

You can download Infernal Twin here:

Or read more here.


Major Call Center Scam Network Revealed – 56 Indicted

This week the US Attorney for the Southern District of Texas unsealed indictments against 56 individuals operating a conspiracy to commit wire fraud through a sophisticated scam involving five call centers in Ahmedabad, Gujarat, India.

The Call Centers — HGlobal, Call Mantra, Worldwide Solutions, Sharma Business Process Outsourcing Services, and Zoriion Communications — placed calls in four primary types of telefraud, and then laundered the money through a network of Domestic Managers, Runners, and Payment Processors in the United States.   The money was then moved via a Hawaladar, a person who runs an underground banking system, or an international money transfer service called a Hawala.  Hawala banking speeds the availability of international funds by operating on a trust system where the Hawaladar can incur or pay debts in one country for a large number of trusted parties from locally available funds on hand.

October 27, 2016 Press Release

Fraud types

IRS Scams: India-based call centers impersonated U.S. Internal Revenue Service officers and defrauded U.S. residents by misleading them into believing that they owed money to the IRS and would be arrested and fined if they did not pay their alleged back taxes immediately.

Law Enforcement Scams: India-based call centers also impersonated various law enforcement agencies, as with the IRS scams, threatening immediate arrest if the victim failed to comply with transferring funds.  (This blog has covered this scam before, including sharing a recording of one such call — see: "

Warrant for Your Arrest Phone Scams

" from November 7, 2014.)

USCIS Scams: India-based call centers impersonated U.S. Citizen and Immigration Services (USCIS) officers and defrauded U.S. residents by misleading them into believing that they would be deported unless they paid a fine for alleged issues with their USCIS paperwork.

Payday Loan Scams: India-based call centers defrauded U.S. residents by misleading them into believing that the callers were loan officers and that the U.S. residents were eligible for a fictitious "payday loan".  They would then collect an upfront "worthiness fee" to demonstrate their ability to repay the loan.  The victims received nothing in return.

Government Grant Scams: India-based call centers defrauded U.S. residents by misleading them into believing that they were eligible for a fictitious government grant. Callers directed the U.S. residents to pay an upfront IRS tax or processing fee.  The victims received nothing in return.

Roles in the Operation

In the US, the primary parties were the Domestic Managers, the Runners, and the Payment Processors.  A Domestic Manager directed the activities of the runners and provided them with the resources they needed to do their work, including vehicles, and credit cards to be used to pay business expenses.  The Runners job was to purchase temporary "GPR cards" (General Purpose Reloadable) and then send the information about these cards to the scammers who were working in the call centers in India.  When they reached the "payout" portion of the scam, the funds would be transferred from the victim to the Runner’s GPR card.  The Runners would then retrieve the cash and send it further upstream, often via Western Union or Moneygram using false identification documents. 

Data Brokers helped to generate "lead lists" for the Call Center Operators.  (For example, One of the data brokers used by the call centers was working as an IT Consultant for a company in New York.  Vishal Gounder would steal the PII from company databases and use the identities to activate the GPR cards.  )

Payment Processors acted as the intermediary between the Runners and the Call Centers for exchanging funds either through Hawaladars or via GPS Cards and international wire transfers.

The Indicted

The largest number of arrested and indicted individuals came from the HGlobal call Center.  I’ve illustrated the information from the indictment below:

HGlobal: Runners in 8 states, including Alabama
The other Ahmedabad, Gujarat, India Call Centers and their indicted members


GreenDot Investigations 

One of the methods that the members of the conspiracy were tracked was by their reliance on certain GPR cards, including the GreenDot MoneyPak cards.  When a GreenDot MoneyPak card is used, an identity and a telephone number have to be associated with the card.   The call centers in India operate primarily by using "Magic Jack" devices to place unlimited international calls over Voice Over IP (VOIP) lines where they can choose the callerid number that is displayed.   GreenDot investigators found that more than 4,000 GreenDot cards had been registered to the same Magic Jack telephone number, (713) 370-3224, using the identity details of more than 1,200 different individuals!

That Magic Jack number was controlled by Hitesh Patel, the call center manager of HGlobal.

The criminals did a poor job back-stopping their fake identities.  In this case, the Magic Jack was registered to the email "" which used as its recovery email, which lists the telephone number 9879090909, which Hitesh also used on his US Visa Application.  The Magic Jack device had been purchased in Texas by Asvhwin Kabaria, who used the email to send the news to that he was shipping him 20 Magic Jack devices via UPS.  The same individual would ship more than 100 Magic Jack devices to other members of the conspiracy, including people in India and in Hoffman Estates, Illinois.

Another Magic Jack number, (630) 974-1367, was associated by 990 Green Dot GPR Cards using 776 different stolen identities.  (785) 340-9064 was associated with 4,163 Green Dot cards using 1903 different stolen identites!  That one was used by which was frequently checked from the same IP address that Magic Jack calls using this number were originating.

Sunny Joshi ( was shown to have purchased $304,363.45 worth of GPR cards in a single month (October 2013!)  Emails to and from Sunny often had spreadsheets documenting which transactions had been funded by which GRP cards.  One spreadsheet showed $239,180.79 worth of transactions from 116 different cards!

Another investigative trick was to look for cards that were used in "geographically impossible" situations.  For example, on January 13, 2014 at 11:37 AM a conspirator used a card to buy gas in Racine, Wisconsin.  On the same day at 12:46 PM the same card was used to buy groceries in Las Vegas, Nevada.

At least 15,000 victims have been confirmed to have lost money to these scammers, and an additional 50,000 victims are known to have had their identity details in the possession of these scammers.

The Most Vulnerable Among Us

The most vulnerable victims seem to have been recent immigrants and the elderly.  Those who are accustomed through habit or fear to quickly obeying any order of authority, even when it seems incredulous.   There are several victims who were ordered repeatedly to purchase the largest possible Green Dot cards ($500 value) and to do so in batches over several days.  One victim in 2013 purchased 86 cards worth $43,000 and transmitted the details to the scammers.  These cards were accessed from the IP of the 703 Magic Jack phone and transferred by email to "".  

One resident of Hayward, California was contacted repeatedly from January 9, 2014 through January 29, 2014 and extorted into purchasing 276 MoneyPaks worth $136,000 and transmitting the PIN numbers to the thieves.  She was frightened into believing she was speaking with the IRS and would be immediately arrested if she did not comply!

Recent immigrants are also especially vulnerable.  In one of the many examples from the indictment, Rushikesh B., a resident of Naperville, Illinois, was extorted for $14,400 by an individual claiming to be the Illinois State Police and threatening arrest if he did not immediately pay fines related to immigration violations.

Those who work with our elderly and with recent immigrant communities are strongly encouraged to remind them that NO LAW ENFORCEMENT OFFICIAL will EVER take payment for a fine via money transferred over the internet or email!  Nor will they ever require a GPR card to be used to pay such a fee!   

Anyone who hears of a friend, family member, co-worker who has been a victim of such a scam is strongly encouraged to file a report. 

For all IRS-related telephone scams, please help your colleague to report the scam by using the TIGTA website, "

IRS Impersonation Scam Reporting

" run by the Treasury Department’s Inspector General for Tax Administration. 

The URL is:

For all other Telefraud scams involving government impersonation, this FTC website may be used:

Email Traffic a key to the Case

The indictment goes on for 81 pages listing incident after incident, including many email accounts used by the criminals.  Some of the criminals made accounts for money movement, such as money.pak2012@gmail, payment8226@gmail, but others used their "primary emails" like Cyril Jhon who used the email cyrilhm2426@gmail for his conspiracy traffic. Saurin Rathod used the email saurin2407@gmail, while Hardik Patel used hardik.323@gmail!  One of the payment processors, Rajkamal Sharma, sent over 1,000 emails to conspirators with directions about where to deposit various funds. Almost 50 pages of the 81 page indictment are walking through the evidence uncovered by email analysis!

The full indictment is a fascinating read … you can find a copy here:

The indicted:

Hitesh Madhubhai Patel

Hardik Arvindbhai Patel

Janak Gangaram Sharma

Tilak Sanjaybhai Joshi

Saurin Jayeshkumar Rathod

Tarang Ranchhodbhai Patel

Kushal Nikhilbhai Shah

Karan Janakbhai Thakkar

Manish Balkrishna Bharaj

Rajpal Vastupal Shah

Sagar Thakar (aka Shaggy, Shahagir Thakkar)

Cyril Jhon Daniel

Jatin Vijaybhai Solanki

Jerry Norris (aka James Norris, IV)

Nisarg Patel

Miteshkumar Patel

Rajubhai Bholabhai Patel

Ashvinbhai Chaudhari

Fahad Ali

Jagdishkumar Chaudhari (Jagdish)

Bharatkumar Patel (Bharat)

Asmitaben Patel

Vijaykumar Patel

Montu Barot (Monty Barot)

Praful Patel

Ashwinbhai Kabaria

Dilipkumar Ramanlal Patel

Nilam Parikh

Dilipkumar Ambal Patel (Don Patel)

Viraj Patel

Abshishek Rajdev Trivedi

Samarth Kamleshbhai Patel

Harsh Patel

Aalamkhan Sikanderkhan Pathan

Jaykumar Rajanikant Joshi

Anjanee Pradeepkumar Sheth

Kunal Chatrabhuj Nagrani

Subish Surenran Ezhava (aka Chris Woods)

Sunny Tarunkumar Sureja (aka Khavya Sureja)

Sunny Joshi (aka Sharad Ishwarial Joshi, Sunny Mahashanker Joshi)

Rajesh Bhatt (aka Manoj Joshi, Mike Joshi)

Nilesh Pandya

Tarun Deepakbhai Sadhu

Vishalkumar Ravi Gounder (Vishal Gounder)

Bhavesh Patel

Raman Patel

Rajesh Kumar Un

Aniruddh Rajeshkumar Chauhan

Rahul Tilak Vijay Dogra

Vicky Rajkamal Bhardwaj

Clintwin Jacob Chrisstian

Aneesh Antony Padipurikal (Aneesh Anthony)

Jatankumar Kareshkumar Oza (aka Jatan Oza)

Rajkamal Omprakash Sharma

Vineet Dharmendra Vasishtha (aka Vineet Sharma, Vineet Vashistha)

Gopal Venkatesan Pillai


No More Ransom Helps You Prevent and Recover from Ransomware Attacks

Ransomware attacks are on the rise, and once your computer or network has been infected, it can be really difficult to recover. No More Ransom can help, and more importantly, help you now, before an infection, and later, after one.

The No More Ransom site does a couple of great things. First, if you or a computer you use has already been compromised, you can upload an encrypted file and the details of the ransom letter you received and the service will analyze and tell you what type of ransomware you’re dealing with, and who’s behind it, if they know.

If you just want to protect yourself however, the site has plenty of tips to make sure your files and everything are safe and secure, starting with keeping regular backups. From there, it’s all about using robust antimalware tools on your computer, and learning a little internet savvy and good web hygiene (turning on “show file extensions” and never opening files or attachments sent to you by people you don’t know, and even then checking on ones from people you do know.)

The site is the result of a partnership between Intel Security and Kaspersky Labs, so keep an eye out for plugs for their specific tools and technologies, but overall the material there is correct and helpful—and worth a bookmark if you manage computers, work in IT, or are just worried a family member may call you one day asking whether what a Bitcoin is and why someone is demanding thousands of dollars in them to unlock their PC.

No More Ransom

Photo by Christiaan Colen and Malwarebytes.


The ASUS RT-AC68U Is Your Favorite Wireless Router

Our wireless router Co-Op came down to a final face-off between two reader favorites, but in the end, the ASUS RT-AC68U took over 2/3 of the vote to claim the title.

This router is simply the best working router I’ve had in years. I’m not even using a tenth of what it’s capable of, but the fact of the matter is it’s the first router I’ve had where I didn’t feel like I needed to power cycle once every couple weeks. – lordkilgar

I second this. And if you’re brave enough, you can install third party firmware to unlock even more advanced features. – jbatubara

I’d also like to add 1) guest wifi to keep guest devices segregated from your network and 2) Asus has a baked in dynamic dns feature which makes accessing home network remotely a lot easier if you don’t have a static ip. – wherewallaceatstring

Commerce Content is independent of Editorial and Advertising, and if you buy something through our posts, we may get a small share of the sale. Click here to learn more, and don’t forget to sign up for our email newsletter. We want your feedback.


Over 3.2 Million Debit Cards May Have Been Compromised, Says National Payment Corporation of India

A total of 3.2 million debit cards across 19 banks may have been compromised as a result of a suspected malware attack. The breach, possibly largest of its kind in India, was confirmed by the National Payment Corporation of India (NPCI) in a statement today. The problem was brought to NPCI’s attention via complaints from banks informing the agency that their customers’ cards were used fraudulently, mainly in China and USA, while customers were in India, according to the statement.

"How the breach could have occurred," Alex Mathew reporting in Bloomberg: "The breach that has apparently given hackers access to the PIN codes of several bank customers is likely to be on account of a malware attack. This attack is believed to have originated at an ATM. The actual modus operandi of the hackers will only become clear once the forensic audit is released in November… First, the hacker would have had to gain physical access to an ATM. The malware was then likely injected by connecting a laptop or another special device to a port on the cash disbursing machine, said Tiwari, a consultant at Centre For Internet & Society in Bengaluru. Once the malware is injected, it automatically spreads across the network…"


ScreenWings is an anti-screenshot tool

ScreenWings is a free anti-screenshot program for the Windows operating system that blocks screenshots from being taken properly on devices it is run on.

Malware comes in many different forms: from ransomware that encrypts your files, over trojans that add your devices to a botnet, to outright destructive malware that deletes files without any gain whatsoever.

There is malware that tries to steal information, and in this context specifically information that its operators can turn into money. This includes account data, banking information, credit card data, and any other data that is of value on the darknet.




ScreenWings is a simple to use portable program for Windows that ships with only two buttons when you launch it. The first, the red x-icon, closes the program. The second, enables its anti-screenshot functionality. The button acts as a toggle for the anti-screenshot functionality that ScreenWings offer.

What this means is that you need to enable it whenever you need it, and may disable it when you don’t.

While you can still use the screenshot functionality of Windows or any third-party tool, you will notice that the program blackens the screen entirely once it recognizes a screenshot taking process.

We tried a variety of programs, the snipping tool, print-key, and SnagIt, and the program managed to detect them all properly and protect the screen from being captured. This worked regardless of the selection mode (including fullscreen and auto-saving options).

There is no guarantee obviously that ScreenWings will block any malicious process from capturing the screen but it seems to work well.

The application supports multi-monitor setups which is another bonus.

Closing Words

ScreenWings is a simple program for Windows to block processes from taking screenshots while enabled. Since it is portable, it is probably best used in that context. You may copy it to a USB Flash Drive and run it on Windows PCs that you don’t have full control over for that extra bit of security.

It is not really suitable for home use as there are better ways to protect your data from being leaked. This means proper security software for one that blocks malware before it has a chance to run and do harm.

Also, and that is probably the main downside of ScreenWings, it is quite the memory eater. The program used 175 Megabyte while running on a Windows 10 machine.

All in all, this may be an option if you have to work on public PCs or PCs that you don’t have full control over.

Author Rating

no rating based on 0 votes

Software Name


Operating System


Software Category


Landing Page


No loss to customers from cyber attack: Axis Bank

New Delhi, Oct 19: Private sector Axis Bank today said there was no loss to its customers from the recent cyber attack. The malware attack was detected in time and was duly informed to the regulator RBI, Axis Bank said in a statement.


New hacker collective targets SWIFT system

Following the $81 million cyberattack in February, a second hacking group has emerged with the intention of exploiting the SWIFT money transfer system to rob banks.

A report from the security firm Symantec has revealed that these cyberattacks have occurred since January and have targeted companies located in the US, Hong Kong, Australian and other countries. The firm has detected 74 different computer infections that suggest that around 100 organizations have been affected by these attacks so far.