During the last few months we've seen quite a lot of do-it-yourself hacking tools such as the Twitter Botnet Creator or the nifty iStealer password collector. Today's specialty is an alleged Gmail application designed to “hack other users' accounts”, an offer too good to refuse, especially if you're a jealous lover or a control freak.
The application we're going to dissect is a .NET executable (Visual Basic .NET) which seems to be strikingly similar to the previously mentioned pieces of malware. A closer look at the code reveals that all three creations share the same origin, namely the leaked source code of iStealer. Other similarities include the presence of a bootstrap utility and a stub file that actually contains the payload.
As users pop the utility open, they are prompted to enter their e-mail address and the associated password, which will be used by the application to send them the victims' passwords. Once the process is complete, a click on the Build button creates an executable file that needs to be distributed to the victim. This custom binary is in fact the stub.exe file with the entered credentials saved in the new file's overlay.
The Gmail Hacker Builder application
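For triage, the overlay mentioned above (bytes appended past the last PE section) can be located with a short header walk. This is an added example, not code from the original article or from the tool; the sample image, the overlay contents and the function names are constructed for illustration, and the builder's real overlay format is not described on this page.

```python
import re
import struct

def pe_overlay(data: bytes):
    """Return (offset, size) of bytes appended past the last PE section, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    end = table + 40 * num_sections           # headers are part of the image, not overlay
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:                          # skip sections with no bytes on disk
            end = max(end, raw_ptr + raw_size)
    return (end, len(data) - end) if end < len(data) else None

def overlay_strings(data: bytes, min_len: int = 6):
    """Printable ASCII runs inside the overlay, for a quick look at embedded config."""
    found = pe_overlay(data)
    if not found:
        return []
    return [s.decode() for s in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data[found[0]:])]

def build_sample(overlay: bytes) -> bytes:
    """Constructed minimal PE layout (one section); not a real stub and not runnable."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = b"\0" * 0xE0
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + sect
    return headers.ljust(0x200, b"\0") + b"\xCC" * 0x200 + overlay

# Constructed placeholder overlay; the real layout used by the builder is an assumption.
CONSTRUCTED_OVERLAY = b"##CFG##drop@example.invalid##placeholder-password##"

if __name__ == "__main__":
    sample = build_sample(CONSTRUCTED_OVERLAY)
    print("overlay (offset, size):", pe_overlay(sample))
    print("strings:", overlay_strings(sample))
```

Signed executables also keep their Authenticode signature past the last section, so an overlay on its own is a triage signal, not a verdict.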
The custom “hacking tool”
The custom Gmail creator is nothing but a phishing tool designed to lure users who'd like to find out their friends' Gmail passwords into actually disclosing theirs. When run, the application will send the data entered in the outlined fields to the address specified in the Gmail Hacker Builder application. Since it can't actually hack anything, the application will crash with an ambiguous error:
Pre-built “hacking tools” of this kind are blindly thrown onto file-sharing hubs and torrent portals in the hope that some unwary victims will actually pick them up and try to use them against their friends. These tools are even advertised through how-to-hack videos posted on popular video sharing services, along with download links to the booby-trapped binary.
BitDefender detects the threat as Trojan.Generic.3102024 and blocks the executable file before it is able to trick the users into disclosing their credentials. In order to stay safe, don't forget the following ground rules: