A Weibo user, @linghuchongxudaozhang, once downloaded a file shared in a QQ group. The experience cost him his account, and it also shattered many people's illusion that the Windows 10 system is "immune to every virus".
Secret traps shared by QQ groups
Many netizens are used to downloading files that colleagues or friends share in QQ groups, assuming this is a relatively safe environment. This netizen happened to be in a group chat and saw an Excel document named "August Salary Schedule of Rich Company". Out of curiosity, he clicked download. Whoever spread the document had precisely targeted people's curiosity about "internal information" and "other people's privacy", and set the bait accordingly.
After the download, the file showed a normal spreadsheet icon. When the user tried to open it, however, no spreadsheet appeared. Instead, the user's QQ client suddenly displayed an "abnormal disconnection" prompt and asked for the password to be entered again. This sequence of abnormal events made some of the more vigilant users suspicious.
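The article describes a program dressed up as a spreadsheet; one defender-side check is to compare what a file's name claims with what its first bytes actually are. This is an added example, not code from the article, and the sample bytes and file names below are constructed (the article does not say which packaging trick the Trojan used).

```python
"""Compare a downloaded file's name with its real content type.
Added illustration, not part of the original article."""
import struct

# Well-known file signatures (assumption: standard magic bytes, not from the article)
MAGIC_PE = b"MZ"                                  # Windows executable (.exe/.scr/.dll)
MAGIC_ZIP = b"PK\x03\x04"                         # .xlsx is a ZIP container
MAGIC_OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .xls (OLE2 compound file)
SPREADSHEET_EXTS = ("xls", "xlsx", "csv")


def classify_header(data: bytes) -> str:
    """Identify the container type from the leading bytes."""
    if data.startswith(MAGIC_PE) and len(data) >= 0x40:
        # A real PE also has a "PE\0\0" signature at the offset stored at 0x3c
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe_executable"
        return "dos_stub_only"
    if data.startswith(MAGIC_ZIP):
        return "zip_container"
    if data.startswith(MAGIC_OLE):
        return "ole2_document"
    return "unknown"


def named_like_spreadsheet(name: str) -> bool:
    """True if any extension segment looks like a spreadsheet, so that
    double extensions such as 'salary.xlsx.exe' are caught too
    (Windows hides the last known extension by default)."""
    parts = name.lower().split(".")
    return any(p in SPREADSHEET_EXTS for p in parts[1:])


def assess(name: str, data: bytes) -> dict:
    """Flag a file whose name claims spreadsheet but whose body is a PE."""
    kind = classify_header(data)
    claims = named_like_spreadsheet(name)
    return {"name": name, "content": kind,
            "named_like_spreadsheet": claims,
            "suspicious": claims and kind == "pe_executable"}


# Constructed samples: a minimal PE-shaped blob and a minimal .xlsx-shaped blob
SAMPLE_PE = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00")
SAMPLE_XLSX = MAGIC_ZIP + b"\x00" * 26

if __name__ == "__main__":
    print(assess("RichCompany_August_Salary.xlsx.exe", SAMPLE_PE))
    print(assess("RichCompany_August_Salary.xlsx", SAMPLE_XLSX))
```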
Master of Disguise "QQ Armyworm"
What the netizen encountered was a Trojan called "QQ Armyworm" built specifically to steal accounts. Its core trick is to fake an "offline" state. When the Trojan runs, it forcibly interferes with the running QQ program and pops up a phishing window that looks almost identical to the official login window. This forged window asks the user to enter their QQ account number and password.
No matter what the victim types into the forged window, even the correct password, it responds with "Incorrect password, please re-enter". This design makes the victim try several times, which raises the odds that the correct password is among the captured attempts, and it also dispels any suspicion by making the user believe they simply mistyped the first time.
Chain crisis after account theft
Once the hackers have the account password, the real danger begins. They immediately log in to the victim's QQ and browse the friend list and chat history for valuable social relationships. Then, posing as the victim, they usually send fraudulent messages to the relatives and friends on the list. The most common pretext is an "urgent need of money", asking the other party to transfer funds to a designated bank card.
Beyond direct financial fraud, the hackers may also send compressed archives or links carrying the Trojan, labelled as "photos" or "information", to trick more friends into clicking and so widen the infection. This kind of secondary spread, which rides on the trust between acquaintances, is extremely harmful.
Win10 is not an iron wall
Many users, after upgrading to Windows 10, have let their guard down, feeling that the built-in Windows Defender can repel any kind of threat. In fact, the security gains in Win10 lie mainly in stronger low-level protection and in making vulnerabilities harder to exploit. For an executable that the user downloads and runs deliberately, however, the system generally has no way to know what it intends to do.
This means that if a user is tricked into running a malicious program, many of the Trojans from the Windows XP and Win7 era will still run normally on Win10 and carry out their misdeeds. Security software and system updates cannot fully replace the vigilance users themselves must maintain.
The virus disguises itself under the cloak of hot spots
Trojans such as "QQ Armyworm" are heavily disguised and highly time-sensitive. They do not keep the same file name for long, but rename themselves to follow current social trends. During recruitment season they pose as "a certain company's interview list", during the holidays as "holiday benefit receipt forms", and after a hot event as "relevant internal information".
This "costume change" strategy greatly raises the success rate of the deception because it targets exactly what people are paying most attention to at a given moment. The decoy file looks legitimate and lowers the user's guard. The hackers are well versed in social engineering and exploit human weakness rather than purely technical vulnerabilities.
Emergency response to account theft
If your QQ disconnects abnormally and, after logging in again, you find remote login records, or friends report receiving suspicious messages from you, you have most likely been compromised. The first step is to log in to the QQ Security Center immediately from your mobile phone or another secure device, appeal for your account and force a password change. After changing the password, be sure to enable secondary verification features such as device lock.
The second step is just as important: immediately notify the people you contact most often. You can do this through your Moments, a WeChat group, a text message or a phone call. Make it clear to them that your QQ may have been stolen and that, for the time being, any message involving borrowing money, transferring money, requesting personal information or clicking a link is not to be trusted. Doing so cuts off the fraud chain and protects your relatives and friends.
Have you ever, or have any of your friends ever, almost been scammed because you downloaded some "tempting" file? Welcome to share your experiences and fraud prevention techniques in the comment area to remind more people. If you find this article useful, please like it and share it with your friends around you.
