A large-scale phishing attack has affected about 1 million Gmail users.

Source: Techcrunch

For a couple of days, Internet users have been receiving messages in Gmail with a link to a certain Google Docs document inside. This link should not be clicked even if the message came from a familiar person. The fact is that this link is sent by malicious software created by an unknown while team of cybercriminals. Everything looks quite innocent: someone (say, your boss, colleague or friend) shares a link to a document via Gmail. If you click on the link, then malicious software can get access to the victim's Gmail account.

This malware, among other things, analyzes the contact list of users and starts spamming. In addition, malware also "reads" the letters of the victim and "responds" to these letters. This phishing attack is dangerous, because links to documents in Google Docs come from familiar people, in many cases - as a response to a letter sent earlier.

True, an attentive user will notice some nuances when clicking on a link. Namely - the “document” requests access to certain functions of the user account. A regular Google Docs document does not behave this way. But if you don’t know about it (and most users don’t know or don’t think), the “document” will not cause suspicion. That's the problem - so many users click on the link and without problems give malware everything that it requests.
')

Source: reddit

The most interesting thing is that the malware can bypass two-factor authentication. His actions also do not cause suspicions in the Google security system - users do not receive any messages about unusual account activity. Well, since malware receives the highest level of access to the account from the user, attackers can get any information that they enter.

If suddenly you are among the victims, then it is necessary, first of all, to revoke permissions to access the account from the malware. If this software has already managed to send letters to your contacts, it is worth writing them “after”, explaining the situation. If you receive messages with the mentioned links, then you should also write to those who send them to warn affected users about the danger.

At the time of the publication of this material, Google has already announced the elimination of the problem, but still it is worth being on guard. Now, perhaps, the distribution of links of this type has become impossible , but before the problem was fixed by the company, malware sent out hundreds of thousands of such messages.

Google Inc. has officially stated the following: “We have taken measures to protect users from email account compromises by Google Docs links, by removing the ability to access accounts. We also removed the fake pages and provided updates via Safe Browsing . Our team is working to prevent this from now on. We ask users to report such situations. ”

A company representative also made a statement, according to which only 0.1% of Google services users suffered. But this is quite a lot, it turns out that about 1 million people suffered from the actions of the attackers. And this is despite the fact that Google has eliminated the vulnerability and the malicious software itself just an hour after the attackers started working.

The company also stated the following: “We protected our users from these attacks using automatic actions and working“ manually ”. These actions involve the removal of fake pages and applications ... A study of the situation showed that other data were not affected. Users do not need to take any further action in light of what happened. ”




View a list of applications and services that have access to your account here .

The actions of the company's employees were quick and effective, but still the question arises - how many more vulnerabilities can attackers use this type? In any case, you can solve the problem without Google, if you are careful, but in the process of active work on something you can simply not pay attention to the weirdness of the incoming message and click on the link, confirming access. No one is immune from this.