
Hackers Are Stealing Passwords and Taking Remote Control Using Free Tools — What’s Happening and How They’re Doing It
In the past few months, cybersecurity experts have noticed a sharp increase in attacks where hackers steal usernames and passwords, and then take control of people’s or companies’ computers — all without needing fancy or expensive malware.
Most of these attacks are happening in Mexico and other parts of Latin America, and they are being carried out by a group called Greedy Sponge. These hackers are after money, and they’re going after all kinds of businesses — from banks to shops to farms.
Hackers Send Fake Files to Trick Victims
The hackers usually start their attack by sending a fake ZIP file (a compressed folder), which may look like a regular update or document. This file often contains:
A real-looking file (like a browser or software installer)
A hidden virus that installs itself quietly in the background
Once someone opens this ZIP file and clicks inside, the virus gets installed and starts its work without them knowing.
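For anyone who has to check a suspicious archive like the one described above, here is an added example (not part of the original article) that lists what a ZIP contains without extracting or running anything. It identifies executables and installers by their file signatures rather than by their names. The function names `triage_zip` and `build_sample` and the sample file names are made up for illustration.

```python
import io
import os
import zipfile

OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# (magic bytes, description, extensions that honestly match that content)
SIGNATURES = [
    (b"MZ", "Windows executable", {".exe", ".dll", ".scr"}),
    (OLE, "OLE container (MSI or legacy Office)", {".msi", ".doc", ".xls", ".ppt"}),
]
# Script and shortcut types that Windows runs on double-click (no magic bytes).
SCRIPT_EXTS = {".js", ".vbs", ".bat", ".cmd", ".ps1", ".lnk", ".hta"}


def triage_zip(data: bytes) -> list[tuple[str, str]]:
    """List (member, reason) pairs; reads 8 bytes per member, extracts nothing."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            ext = os.path.splitext(info.filename)[1].lower()
            if info.flag_bits & 0x1:  # encrypted: content cannot be inspected
                findings.append((info.filename, "password-protected member"))
                continue
            with zf.open(info) as member:
                head = member.read(8)
            for magic, label, honest_exts in SIGNATURES:
                if head.startswith(magic):
                    if ext not in honest_exts:  # e.g. an EXE named invoice.pdf
                        label += f" disguised as '{ext or 'no extension'}'"
                    findings.append((info.filename, label))
                    break
            else:
                if ext in SCRIPT_EXTS:
                    findings.append((info.filename, f"script or shortcut ({ext})"))
    return findings


def build_sample() -> bytes:
    """Constructed sample archive with harmless stand-in bytes, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Update/browser_setup.msi", OLE + b"\0" * 16)
        zf.writestr("Update/readme.txt", b"Install notes")
        zf.writestr("Update/invoice.pdf", b"MZ" + b"\0" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    print(*triage_zip(build_sample()), sep="\n")
```

An installer inside an archive is not proof of malware, but a "document" that turns out to be a Windows executable is a strong reason not to open it.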
What the Virus Does: AllaKore RAT
The main tool hackers are using is called AllaKore RAT. RAT stands for Remote Access Trojan — basically, a tool that lets hackers take full control of your computer from far away.
With AllaKore RAT, hackers can:
Log your keystrokes (see what you type, including passwords)
Take screenshots
Upload or download files
Use your computer like it’s their own
In short, they can spy on you or steal sensitive information like bank logins and business documents.
Smart Tricks to Hide Their Activity
These hackers are not super advanced, but they’re smart. They’ve changed the way their tools work so that:
Only people in Mexico (or certain locations) can download the full virus — this makes it harder for security teams outside the region to study it.
The fake software they send looks exactly like real tools, so victims trust it.
The virus can also install other harmful tools later, like:
SystemBC – Turns your computer into a secret gateway for hackers
Ghost Crypt – Helps viruses hide from antivirus programs like Microsoft Defender
Hijack Loader – Used to sneak in even more dangerous malware like RedLine Stealer
Some Hackers Even Call Victims to Speed Things Up
In one recent attack, hackers pretended to be a new client, sent a fake PDF file, and even called the victim to rush them into opening the file and installing the virus. This method is called social engineering — using human tricks instead of code.
New Tools Like Neptune RAT and PureRAT
Other hackers are using new versions of tools like:
Neptune RAT (used to take screenshots, log keystrokes, steal data)
PureRAT (similar to AllaKore, also used for spying)
XWorm (which Neptune is partly based on)
These tools are easy to find and can be used by even low-skill hackers, making them popular for cybercrime.
How Do These Tools Bypass Security?
Hackers are using tools like:
Ghost Crypt – A special service that hides viruses inside other files so they look safe
Inno Setup Loaders – These are fake installers that sneak malware into your system when you think you're installing normal software
For example, one type called Hijack Loader installs RedLine Stealer, which is made to steal saved passwords, browser data, and more.
Why They’re Doing This: It’s All About the Money
Most of these attacks are not meant to cause destruction — they’re meant to steal information that can be sold or used to access bank accounts, payment systems, or business platforms. Once hackers get in, they can:
Sell your login info on hacker forums
Access your bank account or online tools
Use your PC to attack other people
What You Can Do to Stay Safe
Even if you’re not in Mexico or Latin America, these attacks can happen anywhere. Here’s how to protect yourself:
Never open ZIP files from unknown senders
Use antivirus software and keep it updated
Use strong, unique passwords (and never reuse the same one)
Enable two-factor authentication (2FA) wherever possible
Be suspicious of urgent requests, especially if someone calls or emails you asking to open a file
Hackers don’t need advanced tools anymore. With free remote-access tools and simple social engineering tricks, they’re stealing credentials and running attacks on real companies every day. Stay alert, be cautious with email attachments, and always question what you're downloading or clicking.
If you work in a business — especially in finance, retail, or public services — share this with your team. Most attacks start with one person clicking the wrong thing.