Around 1 AM, having just finished watching the replay of a King of Glory match, I was about to log into QQ to chat a bit before going to sleep. Unexpectedly, when I logged into QQ, I saw that I had inexplicably sent a DOC file to a friend.
I immediately changed my QQ password and enabled device lock, then tried to download that doc file, but it was blocked by the Windows 10 firewall. After that, I checked the login IP, and it was the same as my local one.
I studied it a bit and estimated that someone used QQkey to log into my QQ and sent a virus file to others. I’ll check the virus file in a virtual machine when I have time.
Virus file: https://share.weiyun.com/5rG26i5
I heard that clicking on it will lead to account theft, and I don’t know what kind of black technology that is. I also don’t know how it checked my usual login locations; the login IP is also from Guangzhou.
Update 2019.12.16
I suddenly discovered that the login IP is my own server, which has been running a QQ score boosting program for years. This is the first time this has happened... Turns out there was a backdoor.