刑事技术2024,Vol.49Issue(2):203-208,6.DOI:10.16467/j.1008-3650.2024.2007
利用QQ ClientKey实施鱼叉网络钓鱼诈骗的技术分析
Technical Analysis of Spear Phishing Scams Using Leaked QQ ClientKey
摘要
Abstract
Recently,there have been instances of corporate financial personnel being defrauded in QQ group chats.The primary method employed by the criminals involves illegally obtaining QQ login permissions to gain control over user group operations.They then add the compromised account to a pre-set"work"group and wait for the account owner to log in.Upon logging in,the victim would find familiar contacts,such as his boss,in the pre-set group and receive instructions to transfer funds,ultimately resulting in fraud.Through our investigation and analysis of a real case,we discovered that these types of scams are spear-phishing attacks executed through the leakage of QQ account ClientKey information,supported by a corresponding QQ gray industry.This paper,using the evolution of QQ gray market as a backdrop,provides a detailed analysis of the complete technical architecture of this gray market.It presents methods for inspecting trojans that steal account information and mirrored servers,including ways to bypass the challenges posed by disguised source code settings in mirrored server images,and summarizes key evidence points.Lastly,through local co-debugging,we verified the coupling of the account-stealing trojans and mirrored servers,while also highlighting the security risks inherent in the current QQ fast login feature to a certain extent.关键词
电子物证/QQ ClientKey/鱼叉网络钓鱼/诈骗案件Key words
electronic forensic/QQ ClientKey/spear phishing/fraud crimes分类
社会科学引用本文复制引用
李佳斌,徐炼,俞浩淼,王小强,刘松..利用QQ ClientKey实施鱼叉网络钓鱼诈骗的技术分析[J].刑事技术,2024,49(2):203-208,6.基金项目
杭州市农业与社会发展科研计划重点项目(202004A06) (202004A06)
