This program is designed for scambaiters to put on scammers' computers (and run them remotely). It will open an HTA file in full-screen and automatically reopen it if it gets closed. It will also copy itself to the startup folder, so it will still show up even if the scammer restarts their computer.
First, choose which HTA screen you want to use. You can download the entire repo, or you can go to the releases page to download a ZIP file of just one of the HTA screens.
Each HTA screen contains some files. Copy these files to a good location on the scammer's computer (somewhere other than Desktop, Documents, or Downloads so they can't easily find them) and remotely run lockdown.bat on their end.
The scammer's computer is now "locked".
If you press Alt+F4 on your keyboard, the HTA window will close. And then it will instantly reopen.
If you want to actually get rid of the program:
- Press the Windows key to temporarily reveal the taskbar and start menu.
- Right-click the
lockdown.batorldstartup.batbatch script in the taskbar and choose Close window. - You can now close the HTA window with Alt+F4.
- Remember to remove the shortcut from your startup folder.
- You should also delete the
C:\Lockdownfolder that was created.
To create your own HTA screen, start with the files in the Template folder. Modify the index.hta file however you want. This will be the HTA screen that gets opened on the scammer's computer.
If you want to preview the HTA screen, you can open index.hta directly instead of using the batch file. This will make things a lot easier because you won't need to manually remove the startup files each time.
If you include images in your HTA file, copy them to the same folder.
You will then need to modify lockdown.bat to account for the new filenames. Change the text background.png to the filename of the image you used.
If you used multiple images, add an extra line for each image. It should copy the image to C:\Lockdown. If you didn't use any images, you can remove the line that copies background.png.
NOTE: Do not try to use SVG images in your HTA file. MSHTA doesn't know how to render them and they simply won't appear.
This can be found in the HTA_CyberPolice folder.
When you click the mouse, a popup appears asking for a secret code.
This can be found in the HTA_JimBrowning folder.
When you click the mouse, a popup appears telling the user to "stop scamming and get a real job".
This can be found in the HTA_YouHaveBeenHacked folder.
When you click the mouse, a popup appears telling the user that they've been hacked. After clicking OK, the user is asked if they want to unlock their device. If you click cancel, the popup disappears. If you click OK, the following message appears:
If you want to unlock your device, you will need to refund all your victims, shut down your scam call center, and stop scamming innocent people. Until you stop scamming, your device will be stuck on this screen (and it will be unusable).
If you want to be sneaky, you can copy the files to the scammer's computer but leave them there without running them. You can then disguise it as an AnyDesk shortcut on their desktop.
This repository contains an icons folder that has ICO files for the icons of the most common remote access software. You can use these icons to create fake shortcuts.