In early May, 2017, unknown anonimus hackers launched a very unusual phishing campaign against Gmail users. The attackers exploited legitimate Google services and functions, masking their activity under links to Google Docs documents. Malicious emails using scammers to gain access to other Gmail accounts and contact lists were spreading at great speed, like a worm.
Fortunately, the mass epidemic was avoided, as Google employees managed to cope with the problem in a matter of hours. Now it’s time to take stock of what happened and take action so that this does not happen again. So, last week it became known that the application Gmail for Android will receive a special anti-phishing “stub”. This feature should prevent instant jumping of potentially malicious links.
At the same time, researchers remind that warnings about the possibility of conducting such phishing attacks sounded five years ago. So, back in October 2011, researcher and developer André DeMarre told in the IETF newsletter that such a problem could arise. Also, according to Trend Micro analysts, similar schemes of attacks have long been adopted by groups of “government hackers”, for example, Pawn Storm (they are also Fancy Bear, APT28). Experts write that the attackers created a fake application called Google Defender and exploited “the same legitimate OAuth connection to take advantage of users’ ignorance of how these services work.”
And although now Google experts say that the attack affected only 0.1% of Gmail users, the May incident clearly demonstrated that it is necessary to strengthen security measures.
“We are taking a number of steps to better cope with such attacks in the future, including revising our policy regarding the use of OAuth in applications, updating anti-spam systems that help prevent such campaigns, and strengthening monitoring for suspicious third-party applications that request information Users, “the company said.