Google Spearphishing attack installs malicious app

On Tuesday, May 3rd, a massive spearphishing campaign targeted Google users by sending a link to a fake “Google Docs” app that downloads a malicious app to your device.

The links are spread through an email that comes addressed to you and “hhhhhhhhhhhhhhhh@mailinator.com.” The link looks legitimate and asks you to allow it permission to access your Google account.
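For mail administrators, one way to find stored messages that match the recipient address described above. This is an added example, not part of the original article; the sample messages, Message-IDs and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Indicator taken from the article: the address the phishing mail is addressed to.
INDICATOR = "hhhhhhhhhhhhhhhh@mailinator.com"

def recipients(msg):
    """Return the lower-cased addresses found in all To and Cc headers."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _name, addr in getaddresses(headers) if addr}

def is_suspect(raw_message):
    """True when the indicator is a visible recipient (headers only, not body)."""
    return INDICATOR in recipients(message_from_string(raw_message))

def triage(raw_messages):
    """Return (Message-ID, From) for every message that matches the indicator."""
    hits = []
    for raw in raw_messages:
        if is_suspect(raw):
            msg = message_from_string(raw)
            hits.append((msg.get("Message-ID", "<none>"), msg.get("From", "<none>")))
    return hits

# Constructed sample messages (not real mail); all names and ids are placeholders.
SAMPLES = [
    # Matches: indicator in To, mixed case, display name, folded header line.
    "From: Alice Example <alice@example.com>\n"
    "To: \"h\" <HHHHHHHHHHHHHHHH@Mailinator.com>,\n"
    " bob@example.com\n"
    "Message-ID: <constructed-1@example.com>\n"
    "Subject: shared document\n\nbody\n",
    # No match: ordinary message between two users.
    "From: carol@example.com\n"
    "To: bob@example.com\n"
    "Message-ID: <constructed-2@example.com>\n"
    "Subject: lunch\n\nbody\n",
    # No match: the address is only quoted in the body (e.g. a warning notice).
    "From: it-helpdesk@example.com\n"
    "To: bob@example.com\n"
    "Message-ID: <constructed-3@example.com>\n"
    "Subject: phishing warning\n\n"
    "Delete mail addressed to hhhhhhhhhhhhhhhh@mailinator.com\n",
]

if __name__ == "__main__":
    for message_id, sender in triage(SAMPLES):
        print(f"suspect message {message_id} from {sender}")
```

The sender of a matching message is most likely an account that already approved the fake app, so it is a candidate for the permission revocation described below.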

The spam message not only accesses your Google account, it also sends itself to anyone you have as a contact. In addition, it bypasses Google’s login alerts and Two Factor Authentication, granting access without setting off any alarms if you approve installation.

If you have received the email that looks like the image above, delete it immediately. If you clicked on it and gave it permissions on your device, you need to immediately revoke permissions from the fake app and start changing passwords for anything associated with the email address the phishing attack was sent to.

Redditor JakeStream has provided an excellent step-by-step explanation of what the infection process looks like and how to minimize the impact of the attack if you’ve been hit.

Since so many people have been compromised by this attack, and since the malicious link is so hard to distinguish from a legitimate link to Google, it is safest to refrain from clicking on shared Google documents in the near future.

Google has stated that the malicious page has been disabled and that they are investigating the attack. If you believe that your account has been compromised, you can go to the Google Security Checkup page and follow the instructions there to secure your account.

Again, if you clicked on the phishing email or if you believe that you were compromised, you need to change the passwords for any accounts associated with the email address that was attacked. At the moment no one is sure what, specifically, this spearphishing attack was targeting, but it likely collected a tremendous number of emails and contact lists and gained unprecedented access to Google accounts.

If you are concerned that you may have been compromised in this attack and want help to ensure that your computer is clean and secure, please give PMCS a call at (818)957-5647 and we can help you clear your computer of any viruses and recover from an attack.