Gdog Backdoor Uses Gmail as Command and Control Server

Malware is evolving, and a perfect example is the Gdog backdoor, which uses Gmail as a command and control server.

The developers behind Gdog say that they were inspired to create a working RAT that uses the Google mail service as a command and control server after they saw Bytebl33der's project, “gcat”.

The Gdog backdoor can be crafted by installing the Gdog Python client.

The client needs the following Python version / modules:

  • Python 2.x
  • PyCrypto module
  • WMI module
  • Enum34 module
  • Netifaces module

The Gdog backdoor is capable of:

  • Encrypted transportation messages (AES) + SHA256 hashing
  • Generate computer unique id using system information/characteristics (SHA256 hash)
  • Job IDs are random SHA256 hashes
  • Retrieve system information
  • Retrieve geolocation information (city, country, lat, long, etc.)
  • Retrieve running processes/system services/system users/devices (hardware)
  • Retrieve list of clients
  • Execute system command
  • Download files from client
  • Upload files to client
  • Execute shellcode
  • Take screenshot
  • Lock client’s screen
  • Keylogger
  • Lock remote computer’s screen
  • Shutdown/Restart remote computer
  • Log off current user
  • Download file from the web
  • Visit website
  • Show message box to user

The developers of Gdog state that you will need to use a dedicated Gmail account if you are going to use the Gdog backdoor.

For this to work you need:

  • A Gmail account (Use a dedicated account! Do not use your personal one!)
  • Turn on “Allow less secure apps” under the security settings of the account.
  • You may also have to enable IMAP in the account settings.
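
Because the client reaches Gmail over IMAP rather than through a browser, one defensive check is to look for mail-protocol connections to Gmail from processes that are not approved mail clients. The sketch below is an added example, not code from Gdog or gcat; the log format, the sample records, the allowlist paths, the SMTP endpoints and the function name are assumptions made for illustration.

```python
import csv
import io

# Assumption: Gmail's standard IMAP/SMTP endpoints (the page names only Gmail and IMAP).
GMAIL_MAIL_ENDPOINTS = {
    ("imap.gmail.com", 993),
    ("smtp.gmail.com", 465),
    ("smtp.gmail.com", 587),
}

# Hypothetical site allowlist: full, lowercased paths of approved mail clients.
# Matching the full path (not just the file name) catches look-alike binaries.
APPROVED_MAIL_CLIENTS = {
    r"c:\program files\mozilla thunderbird\thunderbird.exe",
    r"c:\program files\microsoft office\root\office16\outlook.exe",
}

# Constructed sample records: host,process image,destination host,destination port
SAMPLE_LOG = r"""ws-014,C:\Program Files\Mozilla Thunderbird\thunderbird.exe,imap.gmail.com,993
ws-022,C:\Python27\python.exe,imap.gmail.com,993
ws-022,C:\Python27\python.exe,imap.gmail.com,993
ws-022,C:\Python27\python.exe,smtp.gmail.com,587
ws-031,C:\Users\bob\AppData\Local\Temp\outlook.exe,imap.gmail.com,993
ws-031,C:\Program Files\Google\Chrome\Application\chrome.exe,mail.google.com,443
"""


def find_suspect_mail_traffic(log_text):
    """Count Gmail IMAP/SMTP connections made by processes not on the allowlist."""
    hits = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed records
        host, image, dest, port = (field.strip() for field in row)
        if not port.isdigit():
            continue
        if (dest.lower(), int(port)) not in GMAIL_MAIL_ENDPOINTS:
            continue  # browser webmail over 443 is out of scope for this check
        if image.lower() in APPROVED_MAIL_CLIENTS:
            continue
        key = (host, image, "%s:%s" % (dest.lower(), port))
        hits[key] = hits.get(key, 0) + 1
    return sorted(key + (count,) for key, count in hits.items())


if __name__ == "__main__":
    for hit in find_suspect_mail_traffic(SAMPLE_LOG):
        print("%s  %s -> %s (%d connections)" % hit)
```

On the constructed sample, the approved Thunderbird install and the browser session are ignored, while the Python interpreter and the `outlook.exe` running from a Temp directory are reported.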



