Trojan steals Gmail passwords – and charges for it
Nobody wants to lose their e-mail. So, for Gmail users, G-Archiver seemed like a great buy. For $US 29.95 this shareware app will make a duplicate of your Gmail account on your hard disk, for as many accounts as you like. What its users didn't count on was that G-Archiver's authors helped themselves to your Gmail username and password too.
Nobody wants to lose their e-mail. So, for Gmail users, G-Archiver seemed like a great buy. For $US 29.95 this shareware app will make a duplicate of your Gmail account on your hard disk, for as many accounts as you like. What its users didn't count on was that G-Archiver's authors helped themselves to your Gmail username and password too.
A Gmail user, undoubtedly part of the G-Archiver development team, if not the author himself, called John Terry had hardcoded their Gmail username and password into the source code. And then he noticed every time a user ran G-Archiver and added a new Gmail account the program would e-mail these credentials to John Terry's mailbox! This very code was clearly visible within the file SM.dll installed by the software:
No comments:
Post a Comment