Virtual Machines are virtualized computers used for multiple purposes. They are basically a PC in your PC and require virtualization software and the virtualized PC or an operating system. We use them for a variety of purposes. Some of them are used to provide a secure, sandboxed environment for the scammers to connect to, without harming your host PC with all your personal files. Another purpose is the use of highly customized operating systems that contain tools and software used for scambaiting research, penetration testing, or other IT-security-related tools. To run a virtual machine, your computer needs to have somewhat recent specs, such as at least 8 GB of RAM, about 25 GB free disk space to accommodate the software itself as well as the virtual machines and a decent CPU such as an Intel i5-7xxxx or an AMD Ryzen 5 2600 or better.

Windows 10 Scambaiting VM (2024)

If you don’t want to go through all the hassle of disguising a virtual machine and getting it ready, then look no further. In this post, I present my pre-made scambaiting virtual machine and its required software.
I re-created the previous 2022 scambaiting virtual machine from scratch since it has been widely used by many scambaiters (1200+ downloads) as well as a couple of YouTube scambaiters. This is a fully ready vm with everything fully disguised and hidden based on Windows 10 Pro. This virtual machine works with VMware Workstation Pro which you can now get for free after the owner Broadcom decided to release it for free for personal use. You just need to follow the steps below and start scambaiting right away. The default user is Robert, the password is 0808. You can change/modify the virtual machine to your liking but don’t forget to make a snapshot of the vm to be able to restore it after every bait!
Feel free to leave feedback and feature requests here so I can improve on it and release even better versions in the future.

Features:

✅All devices renamed in Device Manager
✅Increased capacity of the hard drive to 500GB to make it more plausible
✅VMware Tools hidden and associated processes and services renamed/disguised
✅Custom BIOS to remove any mentions of VMware in msinfo32 and dxdiag
✅Windows Updates disabled to prevent it from loading updates when you actually want to bait
✅Windows Defender fully disabled, even after restart, to prevent it from messing with your “stuff”
✅Windows 10 Telemetry disabled
✅Fake printer added to bait printer support scammers and to simulate printer problems
✅Camera app will show looped video of old man looking into the webcam in case scammer try to check
✅Many programs installed by default
✅Extensive, believable Chrome browser history
✅Huge collection of personal files, most of them openable, some include subtle easter eggs
✅Wallpapers included in Images folder, just right-click “Set as Wallpaper” to apply
✅Included Moo.FuckScreenConnect which allows you to see the screen even if scammers use the black screen feature in ScreenWise ScreenConnect and other remote access software
✅Included Moo.NoBlockInput to allow you to still use mouse and keyboard even if scammers blocked that
✅Included a local fake popup available under the “Micerosoft” link at the desktop

How to install:

  1. Download VMware Workstation Pro 17.0
    1.1 Create a Broadcom account at https://profile.broadcom.com/web/registration
    1.2 Login into your account and go to the following link and click on the “VMware Workstation Pro 17.0 for Personal Use (Windows)” Option. Select the newest release.
    https://support.broadcom.com/group/ecx/productdownloads?subfamily=VMware+Workstation+Pro
    1.3 Tick that box in the upper right corner and click on that cloud download button. It may prompt you to do some “screening”, just fill it out with some random data and proceed. Then you should come back to the same page and the download button should be available.
    1.4 Download and install VMware Workstation Pro 17
    1.5 Once installed, start the software. There should be a screen asking you to choose from two options, personal use or commercial use with a field to input a license key. Here, select the personal use option. If that screen doesn’t come, reboot your PC and start VMware again.
  2. Download and install 7-Zip at https://7-zip.org/
  3. Download the virtual machine at 17.35 GB file on MEGA
  4. Extract the virtual machine from the downloaded archive by right-clicking it, selecting 7-zip in the context menu and then extract the folder where you want your virtual machine to be.
  5. Open VMware Workstation Pro and click on ‘Open’ and select the .vmx file. It should get imported and then you can power it up and you’re ready to go!
  6. Optional: customize your virtual machine, change the wallpaper, install more software up to your taste, install a fake bank, either DSJAS (How to set up your very own fake bank website, right on your own machine) or Sinister Spatula’s Responder Online (Responder Online Plug-in Install (for scambaiting) update v3.0.0. #fakebank). I couldn’t include those in the virtual machine because DSJAS requires setup on your host PC that I obviously cannot configure and Sinister Spatula’s Responder Online is paid and I can’t use the same license for everyone. Don’t forget to take a snapshot of the virtual machine once you are ready.

Credits and Resources used:

Windows 11 Scambaiting VM

If you don’t want to go through all the hassle of disguising a virtual machine and getting it ready, then look no further. I present my pre-made scambaiting virtual machine and its required software. This virtual machine is based on Windows 11 Insider Preview. I created this virtual machine for VMware Workstation Pro which is free for download since the recent decision by its owner Broadcom.

Instructions:

  1. Download VMware Workstation Pro 17.0
    1.1 Create a Broadcom account at https://profile.broadcom.com/web/registration
    1.2 Login into your account and go to the following link and click on the “VMware Workstation Pro 17.0 for Personal Use (Windows)” Option. Select the newest release.
    https://support.broadcom.com/group/ecx/productdownloads?subfamily=VMware+Workstation+Pro
    1.3 Tick that box in the upper right corner and click on that cloud download button. It may prompt you to do some “screening”, just fill it out with some random data and proceed. Then you should come back to the same page and the download button should be available.
    1.4 Download and install VMware Workstation Pro 17
    1.5 Once installed, start the software. There should be a screen asking you to choose from two options, personal use or commercial use with a field to input a license key. Here, select the personal use option. If that screen doesn’t come, reboot your PC and start VMware again.
  2. Download and install 7-Zip at https://7-zip.org/
  3. Download the virtual machine at https://mega.nz/file/hw8RFIxa#G4gDs7VpiFylpf7bUof59roPgvMuaxpwLZ3RBP8Z5Wg
  4. Extract the virtual machine from the downloaded archive by right-clicking it, selecting 7-zip in the context menu and then extract the folder where you want your virtual machine to be.
  5. Open VMware and click on ‘Open’ and select the .vmx file.
  6. (Optional) I set RAM to 4 GB, depending on how much physical RAM you have installed, change it up to 8 GB for better performance. Don’t assign more than 50% of your physical resources to the VM. The default user is Joe, the password is 0808. Also, I included a fake popup if you need one. It’s located on the desktop as ‘Micerosoft’ link. You can edit the number in the HTML.

Version 1.0 (2021-10-11): initial release
Version 1.1 (2021-10-12):

  • fixed the Task Manager saying “Virtual Machine: yes”
  • fixed Installed Programs showing VMware Tools

Credits:
– Windows 11 Insider Preview by Microsoft
– Jim Browning [Tutorial] How to make a stealthy Virtual Machine at https://youtu.be/6TM45vNI4Qc
– Lost Key who created an easy-to-use batch script: https://pastebin.com/hRsC5a8h
– UFO Pilot’s fake msinfo32: https://scambait.club/upscambaittools/upmsinfo32
– Firefox Browser History generator: https://trackthis.link
– Cyberror Scambaiting Guide: https://web.archive.org/web/20210214220701/https://cyberror.com/how-to/scambaiting-guide/

Kali Linux

Kali Linux (formerly known as BackTrack Linux) is an open-source, Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali Linux contains several hundred tools targeted towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics, and Reverse Engineering. Kali Linux is a multi-platform solution, accessible and freely available to information security professionals and hobbyists. It also contains software, namely Maltego, used for OSINT investigations and thus is interesting for us scambaiters.

Tracelabs OSINT VM

The Trace Labs team created a specialized OSINT VM specifically to bring together the most effective OSINT tools and customized scripts we saw being used during our Search Party CTF’s. Inspired by the infamous Buscador VM, the Trace Labs OSINT VM was built in a similar way, to enable OSINT investigators participating in the Trace Labs Search Party CTF’s a quick way to get started and have access to the most popular OSINT tools and scripts all neatly packaged under one roof.