Monday, 25 November 2013

Sending a spy program with gmail

To install a spy program remotely you need to email the target an install module. Spy software like redpill Agent and redpill Detective allows you to hide the install module within a 'cover application' . When emailing the target the install module, you will need either zip the file, embed it into wordpad or send it as a link as most email service providers doesn't allow you to add executables (exe's) as attachments.

To see how to send the spy program as a link see 'Installing spy software with a link'.
To see how to embed the spy program in wordpad, see  'How to remotely install spy software'.

Using a zipped file for the attachment can be a problem when either you or your target is using gmail as gmail will block attachments that contain executables even when they are zipped.

There is however a simple solution to the problem:

Add a password to your zip file

In winrar and winzip you can choose to add a password to your zip/rar file. When you add a password, gmail will not be able to see what is inside the zip/rar file.

When sending the email, you will just need to let your target know what the password is (in the example below, we chose the 'Trojan Removal Tool' cover application.

Wednesday, 30 October 2013

Spy Software for Windows 8

redpill has tested the following spy applications on Windows 8:

All the redpill Spy programs passed the Windows 8 test.

redpill is also continually busy updating their software to avoid detection by most anti-virus packages.

Tuesday, 8 October 2013

What spy program to use to monitor multiple computers remotely

redpill has three spy programs that can monitor a computer remotely. Two of these spy products, redpill Agent and redpill Detective, allow you to install remotely and to monitor multiple computers.

redpill Detective has been designed so that you can monitor multiple computers from your account (control panel) but you need to purchase a license for each computer. For that reason, a lot of redpill customers prefer redpill Agent as you can monitor multiple computers with one license.

How many computers can redpill Agent monitor?

There is no set limit, but it is also not unlimited … let me explain …

Unlike redpill Detective where you view the data in your redpill account, redpill Agent will email you the data to your gmail email address. redpill Agent will also use your account to send the data (to yourself). Gmail has a limit of 500 emails per day. So at some point it will not be logical to add more computers to your account.

The number of emails each computer will send will depend on how much each computer is used.

There are also two other risks if you monitor too many computers with one account:
  • If you monitor multiple computers, gmail will pick up that your account is being accessed from different countries in a suspicious manner (redpill Agent will be accessing your account from the target computers). Gmail might think your account is hacked and force you to change your password. If that happens, you will need to reinstall on all your targets as your gmail password is encrypted within each install module.
  • If you receive too much data, Gmail might think you are using your account to send spam emails and block your account. redpill Agent will not link your redpill Agent account to another gmail address, so you need you should use your redpill Agent account with care and not monitor too many computers with one license. 

2015/05/10 - UPDATE: 
If you want to monitor multiple computers the best choice is redpill Hacker as you are not limited to gmail or to one email account as with redpill Agent.

To find out more about these and other products visit:

Saturday, 3 August 2013

redpill Agent beats Norton and Yahoo mail

If you are familiar with spy software you will know that there is a non stop battle going on between spy software vendors like redpill and anti-virus companies like Norton. As anti-virus companies finds new ways to detect spy programs, companies like redpill finds new ways to stay undetected.

There are two ways to install redpill Agent remotely via email:
  1. By sending the target a link 
  2. By attaching the install module to the email (either as a zipped file or embedded into wordpad)
Recently, Yahoo started using Norton to scan their attachments and redpill Agent was detected if the second method where used even when embedded into a wordpad file.

On 2013/08/03 redpill released a new version of redpill Agent that gets past the Norton scan of Yahoo if Ghost Protocol is active. It is now again possible to use the second method of installing when sending an email from or two a Yahoo email address.

redpill Agent will also now again get past most anti-virus scans.

Please note: No remote installation is guaranteed and it is possible that that Norton or other anti-virus packages might again detect redpill Agent. redpill will continue to improve their counter detection measures.

Wednesday, 10 July 2013

Installing a spy program using Yahoo

Update: On 2013/08/03 redpill released an update to redpill Agent that allows redpill Agent to again get past the Norton scan of Yahoo if Ghost Protocol is active.
Yahoo recently started using Norton to filter email attachments. Currently redpill Detective does not get detected by Norton but redpill Agent from time to time does get detected by Norton. redpill continually work to avoid detection, but in the same way anti virus companies also keep on working on new methods to detect spy software.

If you try to attach the install module (embedded in a wordpad document) to a Yahoo email and it fails, you can email it using another service like gmail. If however you want to email it from or to a Yahoo email address, you need to send it as a link.

How to email the redpill Agent install module as a link

First we are going to create our install module. For this test, we are not going to use one of the default cover install modules but create our own … a ‘SMART Virus Removal Tool’.

Ensure that Ghost Protocol is active. Without Ghost Protocol the possibility that redpill Agent will be detected is almost certain. 

We now open a wordpad document (use WordPad and not Microsoft Word) and add some text to convince the target you double click on the icon. We then drag and drop the install module we created into the wordpad document.

Note: Be sure to add some text to tell the target to click on ‘Enable Editing’ if he opens the document using Microsoft Word. 

You now need to upload the document to Google Drive. If you don’t have a Google Drive account, create a gmail account (you will automatically get Google Drive as well).

Once you uploaded the document into Google Drive, click on ‘Share’ and choose the option to share it as a link.

Copy the link provided by Google Drive.

We can now type our email in Yahoo. Add some text for the link. For our example we will use ‘SMART Virus Removal Tool’.  Highlight the text and select ‘insert link’. Paste the link that you saved from Google Drive into the box.

Your email is now ready to be sent.

When the target gets the email and clicks on the link, Google Drive will show him a download button. When he downloads the file, the wordpad file will open.  He will then read the instructions and run the removal tool.

The target will think the SMART Virus was found and removed by the Virus Removal Tool but redpill Agent would have been secretly installed.

Wednesday, 29 May 2013

Liberty Reserve – Alternative Payment Options

As most of you know, the Liberty Reserve website has been seized by US authorities.

You can read the full story here:  Liberty Reserve Shutdown- What Now?

As Liberty Reserve was one of the payment options for redpill, we would like to make our Liberty Reserve customers aware of other payment options that redpill support.

For most of our spy software products we offer a wide range of payment options including credit card and paypal. To use these options just select the Avangate payment option on the redpill purchase page. We also support online currencies (webmoney and Perfect Money).

One of our spy programs, redpill Agent is not available through Avangate. To purchase redpill Agent or Ghost Protocol please use one of following payment options:
  • Webmoney – go to to create an account
  • Perfect Money - can be funded with Western Union and MoneyGram. Go to to create an account.
  • Local Bank Transfer or cash deposit in South Africa. 
  • International Wire Transfer

Monday, 20 May 2013

Ghost Protocol

redpill Agent now with Ghost Protocol!!

What is Ghost Protocol?

Ghost Protocol is not a new spy program or a different version of redpill Agent. When Ghost Protocol is activated, a specific protocol (set of rules and procedures) is used to create the install module of redpill Agent that greatly reduces the risk of detection and removal by anti-virus software.

Why is Ghost Protocol needed?

Initially the idea of redpill Agent was for an ethical hacker, private detective or the victim of infidelity, to do targeted installations on remote computers of specific targets.

The problem is that some cyber criminals use redpill Agent to install on random computers in a phishing type approach. This exponentially increased the number of installations of redpill Agent.

The more installations of a spy program there is, the easier it is for anti-virus companies to detect and remove the spy program.

Ghost Protocol takes care of this problem.

How Ghost Protocol works

A redpill Agent customer can at any time log into his redpill Agent account to create an install module. Without Ghost Protocol, the install module will be created as usual.

If Ghost Protocol is active, the install module will be created with a unique set of rules and procedures that will result in an install module that is more unique and more difficult to detect. This is achieved by limiting the special created module to customers who activated Ghost Protocol and also breaking up this group further into very small unique batches.

Note: redpill Agent can still be detected by some anti-virus companies as suspicious by looking at the behavior of the program but will greatly reduce the risk of detection by the ‘fingerprint detection’ method.

How to enable Ghost Protocol

New customers will automatically have access to Ghost Protocol for a period of 20 days. Older customers can activate it by paying a small fee. From your redpill Agent account, simply click on the ‘Activate Ghost Protocol’ button.

Why does redpill Detective not have Ghost Protocol?

redpill Detective does not have the same problem as redpill Agent as customers are limited to one installation per license.

Monday, 22 April 2013

Installing Spy Software with a link

We previously posted a similar article on how to install spy software (key logger) with a link. In that article we explained that you need to set up a website for this. Thanks to Google Drive, this is no longer needed. Installing a spy program with a link is now much easier.

How to install spy software using Google Drive:

Step 1: Create a gmail account.

When you create a gmail account you will automatically get a Google Drive account as well.

Step 2: Get a redpill Detective account from redpill

Go to to find out more about redpill Detective. Make sure you only purchase from redpill ( as there are some fake websites selling redpill Detective.

Step 3: Embed the install module into a WordPad file.

Log into your  redpill Detective account and download your install module. Embed the install module into a WordPad file.

You can simply drag and drop the install module into the wordpad file. The file needs to have an rtf extension. You can also add some text to convince the target to click on the embedded install module.

Step 4: Upload the file into Google Drive

After you uploaded the file into Google Drive, click on Sharing and select ‘Public on the Web’.

Google will provide you with a link. Copy that link … you will need it later.

Step 6: Email the Target the Link
Type your email and add some text that you want to use as the link text (see below).

Highlight the text for the link and click on the hyperlink icon at the bottom. Paste the link that you copied into the URL address.

Send the email.

When the target receives the email and clicks on the link, he will be able to download the install module.

When he double clicks on the virus removal tool icon, the spy software will secretly be installed.

You will immediately start to receive data that you can view in your redpill Detective account.

Sunday, 7 April 2013

redpill now accepts Liberty Reserve payments

redpill have been supporting various forms of payment including credit cards and paypal for some time now. From today redpill will also be accepting Webmoney and Liberty Reserve payments.

To purchase using Webmoney or Liberty Reserve simply go to and click on Purchase. Select the ‘Webmoney / Libery Reserve’ payment option.

Saturday, 9 March 2013

How to remotely install spy software

Update (2015/07/07): 
redpill now has a new and better product for installing spy software remotely:
redpill Hacker
You can also have a look at newer articles with better tools at:

In a previous article we discussed how to get usernames and passwords from other users on a computer you have access to. We will now look at how to install spy software on a computer you do not have access to … even if the computer is on the other side of the world.

Step 1: Get quality Spy Software

You will need quality spy software that can be remotely installed and is not easily detected and removed by anti-virus. There are a couple of key loggers that can be installed remotely, but very few that can secretly be remotely installed.

redpill Detective has been designed to be covertly installed on a computer anywhere in the world.

To get our account go to

Step 2: Create your install module.

Log into your redpill Detective  account and click on ‘Create Install Module’. You will be able to choose from a couple of examples or even create your own one. We will choose the ‘Virus Removal Tool’ option.

We need to convince the target to run the attachment that we will email him.  For a cover, we will tell the target of a new terrible virus that cannot be detected or removed by standard anti-virus. A good idea is to choose something that is currently in the news like the Red October Virus.

To better fit our ‘cover’ we just change the initial and final message the target will see.
Initial Message: Searching for Red October Virus …
Final Message: Red October has successfully been removed.
That is it, we now just click on ‘Create Module’ and the install module we created will be downloaded. If prompted, click on Save and not Run. The module will be saved in the folder you selected or your Downloads folder.

Step 3: Create the attachment

Some email services will not allow you to send an application (exe file) as an attachment. You will either need to zip the file or embed it into wordpad. A few email services like Gmail does not even allow you to send an application file if it is zipped. If your target is using Gmail, you will need to embed the file into a wordpad file.

As our target is using Gmail, we will embed it into wordpad. We simply open Wordpad (NOTE: Wordpad under accessories and NOT Microsoft Word) and type some text to convince the target to click on the icon that we will add. We then simply drag and drop the application from the folder into the wordpad document.

Step 4: Email the attachment

We now simply attach the wordpad file to the email and in our email we again make sure that we convince the target that the virus is very dangerous and his only option is to immediately run the attached removal tool to make sure his computer is not infected.

If you click on the image above in step 3 you will notice that we prepared the target for the fact that he will probably get a warning from his anti-virus and/or Windows.

When the target double click on the icon in the file, it will look like a Virus Removal Tool is searching for a virus but the spy software will secretly be installed.

Step 5: Monitor the target

You can now log into yourredpill Detective account and see exactly what the target is doing. We can see in the live screen that the target is logging into his Gmail account.

If we click on key data we can see his username and password.

Saturday, 16 February 2013

How to get a username and password

Update (2015/07/07): 
redpill now has a new and better product available:
redpill Hacker

You can also see more up to date articles at:


This article will explain how to get a username and password for an email account like gmail or yahoo or a social network account like facebook.

In this article we will focus on getting a username and password of another user (the target) on a computer that you have access to. In a following article we will explain how to get a username and password from someone that works on a computer that you do not have access to that might be in another part of the world.

Step 1: Install a key logger

You will need to download and install a key logger that is not easily detected by anti-virus software and that is completely hidden and discreet
redpill Spy is a good choice as it is free, does not expire, is completely hidden and discreet and has the best record for staying undetected by anti virus software.

You can download redpill Spy from the redpill website (click on downloads).

After you installed the key logger, follow the instructions on how to open it and change the default password to open it.

Step 2: Wait for the target to log in.

You then need to wait for the target to log into his/her email account and/or social network account. Even if the user works on another Windows account on the computer everything he or she does will still be recorded.

Step 3: Get the username and password

After the user worked on the computer and when you have some time alone at the computer, open redpill Spy. Select the user account that the target used and click on the Key Log tab.

It will be easy to see the username and password. For a facebook username and password just look for the Window Title that says 'facebook log in'. The username and password will be in the text below (click on the image above to enlarge it).

Note that if the user used TAB to go from the username to the password, the username and password will be separated by [TAB]. If the user used his/her mouse, then the username and password will be combined but it should still be easy to see where the username ends and the password begins.

Monday, 28 January 2013

How does keyloggers get past anti-virus?

Most spy programs gets detected and removed by anti-virus software and security tools. redpill is one of the few (if not the only) spy software company that is continually managing to stay under the radar.

How do the redpill Spy Software Products manage to get past anti-virus packages?

First, let’s look at how anti-virus packages detect spy software and key loggers.

There are two main ways how anti-virus packages detect malware and spy software:

Fingerprint Detection:
Anti-virus companies have databases of know malware and spy software that is updated daily (virus definition files). The anti-virus software then looks for a fingerprint … a piece of code that would be unique to the specific spy program inside each file.

Behavior Detection:
Each anti-virus package has its own name for this technique (Bloodhound, Sonar Detection, Sandbox Testing, etc). In short, the software will not only look at what the program is doing, but also execute pieces of code of the program in a safe (sandbox) environment too see what it is capable of doing.

Even if the key logger or spy program is a new program, it can still be detected and removed by anti-virus software.

How does redpill then manage to get past most anti-virus packages?

redpill has a unique set of counter detection techniques to avoid detection by both the fingerprint detection method as well as the behavior detection method. For obvious reasons we can’t discuss how these techniques work but redpill is continually busy improving these techniques.

Can redpill get past all anti-virus packages and security tools?

At the end of the day, the redpill spy products still need to perform some ‘red flag’ operations like logging keys, taking screenshots, transmitting data and restarting after a reboot. Although redpill employ some advanced and unique techniques to camouflage these actions, it is impossible to hide them completely as they need to be performed.

For that reason it will always be possible for the more advanced anti-virus packages and security tools to detect, remove or block redpill products.

redpill still get past most, as these advanced detection products that can detect or block redpill products are not very popular due to a large percentage of false positives from these products.

What to do if your redpill product is detected or removed

If your redpill product is detected or removed by your anti-virus, download and install the latest version (for redpill Spy) or install again using a new install module (for redpill Detective and redpill Agent).

Never use an old install file or install module. Even if the version number is the latest, redpill products are continually updated to prevent detection.

Friday, 11 January 2013

Are spy software and key loggers legal?

Is spy software like redpill Spy legal?

YES! The software itself is not illegal. It is however possible to use the software in an illegal manner.

In most countries it would be illegal to install spy software on a computer you do not own. In some countries you would also be required to inform your employees if you are going to monitor their computers. There are obviously exceptions to these rules and would depend on the specifics of the case.

Examples of where it would (normally) be legal:
  • If you want to monitor your employees working on your computers.
  • If you want to monitor your children to protect them from the dangers of the internet.
  • If you install it on you home computer even if you are not the only one using the computer.
  • If you are doing official penetration testing for a company.

Examples where it would usually be illegal:
  • It would be illegal if you install spy software at an internet cafĂ© with the purpose of stealing credit card or other personal information.
  • If you remotely install spy software on a computer at a company with the purpose of committing industrial espionage.

Please always respect people’s privacy and do not use redpill software illegally.