moeyy


A salted fish with lofty ideals.

New Method of QQ Account Theft

Around 1 o'clock in the morning, I had just finished watching a replay of a game of Kings of Glory and was about to go on QQ to chat before going to bed. Unexpectedly, when I logged into QQ, I saw that I had inexplicably sent a DOC file to a friend.


Immediately, I changed my QQ password and enabled device lock. I tried to download that DOC file, but it was blocked by the Windows 10 firewall. After that, I checked the login IP, and it was the same as my local IP.


After some research, I think someone used QQkey to log into my QQ account and send a virus file to someone else. I will take the virus file to a virtual machine to check it when I have time.

Virus file: https://share.weiyun.com/5rG26i5 

I heard that clicking on it will result in account theft, but I don't know what kind of black technology it is. I also don't know how they checked my usual login location, and the login IP is also in Guangzhou.

Update 2019.12.16

Suddenly, I found out that the login IP is my own server, which has been used for QQ boosting for a few years. This is the first time something like this has happened... Turns out there was a backdoor.
