3 min read

Gmail Hacking App Leaves you Locked on the Outside

Bogdan BOTEZATU

August 10, 2010

Gmail Hacking App Leaves you Locked on the Outside

During the last few months we`ve seen quite a lot of do-it-yourself hacking tools such as the Twitter Botnet Creator or the nifty iStealer password collector. Today`s specialty is an alleged Gmail application designed to “hack other users` accounts” ” an offer too good to refuse, especially if you`re a jealous lover or a control freak.

The application we`re going to dissect is a .NET executable (Visual Basic .NET) which seems to be strikingly similar to the previously mentioned pieces of malware. A closer look at the code reveals that all three creations share the same origin, namely the leaked source code of iStealer. Other similarities include the presence of a bootstrap utility and a stub file that actually contains the payload.

As users pop the utility open, they are prompted to enter their e-mail address and the associated password, which will be used by the application to send them the victims` passwords. Once the process is complete, a click on the Build button creates an executable file that needs to be distributed to the victim. This custom binary is in fact the stub.exe file with the entered credentials saved in the new file`s overlay.

Gmail Hacker Builder

The Gmail Hacker Builder application

Google Custom Hacking Tool

The custom “hacking tool”

The custom Gmail creator is nothing but a phishing tool designed to lure users who`d like to find out their friends` Gmail passwords into actually disclosing theirs. When run, the application will send the data entered in the outlined fields to the address specified in the Gmail Hacker Builder application. Since it can`t actually hack anything, the application will crash with an ambiguous error:

Gmail Hacker Tool error - Google Mail Phishing

This kind of pre-created “hacking tools” are blindly thrown on file-sharing hubs and torrent portals in the hope that some unwary victims will actually pick them and try to use them against their friends. These tools are even advertised through how-to hack movies posted on popular video sharing services, along with download links to the bombed binary.

BitDefender detects the threat as Trojan.Generic.3102024 and blocks the executable file before it is able to trick the users into disclosing their credentials. In order to stay safe, don`t forget the following ground rules:

  • Never accept and run so-called hacking tools via IM; the friend who`s sending them might set you up with a nice decoy.
  • Never download this kind of tools; they are useless and pose a huge security risk to your system. E-mail or IM service providers never save users` passwords in plain text, but rely on various hashing algorithms (with or without “salting”) to ensure that the authentication is done one-way (no one can find out the password, even if they get the hash). Bottom line: these tools will NEVER work as advertised, but will surely snatch your account username and password, along with other damage they may inflict.
  • Never stop your antivirus if it prevents you from accessing a file. If you have any doubt about the alert being a false positive, submit it via the application`s support request system. It will be carefully inspected to see whether it is legit or not. Putting your shield to sleep may get your privacy blown.

Note: All trademarks or product names contained herein are registered trademarks of their owner companies.

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

How to keep your Android device immune to malicious vaccine themed apps How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read