on Tuesday that was designed to trick users into giving up access to their Gmail accounts. The phishing emails, which circulated for about three hours before Google stopped them, invited the recipient to open what appeared to be a Google Doc. The teaser was a blue box that said, “Open in Docs.” In reality, the link led to a dummy app that asked users for permission to access their Gmail account.

(Image caption: An example of the phishing email that circulated on Tuesday.)

Users might easily have been fooled, because the dummy app was actually named “Google Docs.” It also asked for access to Gmail through Google’s actual login service. The hackers were able to pull off the attack by abusing the OAuth protocol, a way for internet accounts at Google, Twitter, Facebook and other services to connect with third-party apps. The OAuth protocol doesn’t transfer any password information, but instead uses special access tokens that can open account access. However, OAuth can be dangerous in the wrong hands. The hackers behind Tuesday’s attack appear to have built an actual third-party app that leveraged Google processes to gain account access.

(Image caption: The dummy app will try to ask for account permission.)

Last month, Trend Micro said a Russian hacking group known as Fancy Bear was using a similar email attack method that abused the OAuth protocol to phish victims. However, security experts said Tuesday's phishing attack probably wasn't from Fancy Bear, a shadowy group that many experts suspect works for the Russian government. "I don't believe they are behind this ... because this is way too widespread," Jaime Blasco, chief scientist at security provider AlienVault, said in an email.
On Tuesday, many users on Twitter, including journalists, posted screen shots of the phishing emails, prompting speculation that the hackers were harvesting victims' contact lists to target more users. The attack was also sent through an email address at "hhhhhhhhhhhhhhhh@mailinator.com." Mailinator, a provider of a free email service, denied any involvement. Fortunately, Google moved quickly to stop the phishing attacks, after a user on Reddit posted about them. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again,” Google said in a statement. Security experts and Google recommend affected users check what third-party apps have permission to access their account and revoke any suspicious access. Users can do so by visiting this address, or performing a Google security check-up. Tuesday's phishing scheme will probably push Google to adopt an even stricter stance on apps that use OAuth, said Robert Graham, CEO of research company Errata Security. However, the internet giant has to strike a balance between ensuring security and fostering a flourishing app ecosystem. "The more vetting you do, the more you stop innovation," Graham said. "It's a trade-off."
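The attack worked because the consent page was Google's own, so the only signals a user had were the permissions requested and where the authorization would be handed off. As an added example that is not from the article or from Google, this Python script parses an OAuth authorization link and reports the requested scopes and the redirect host before anyone clicks "Allow". The sample URL, client_id and redirect host are constructed placeholders; the scope strings are Google's real ones.

```python
from urllib.parse import urlparse, parse_qs

# Real Google OAuth scope strings; the risk descriptions are this example's own.
# These are the kinds of permissions a fake "Google Docs" app would need in order
# to read a mailbox and harvest a contact list.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/": "full read/send/delete access to Gmail",
    "https://www.googleapis.com/auth/contacts": "read and write contacts",
    "https://www.googleapis.com/auth/contacts.readonly": "read contacts",
}

def inspect_consent_url(url):
    """Parse an OAuth authorization URL and report what the app is asking for.

    Returns the client_id, the host that will receive the authorization
    (redirect_uri), the requested scopes, and a list of warnings. A genuine
    accounts.google.com consent page says nothing about who the app is, so the
    redirect host is reported separately for the user to judge.
    """
    parsed = urlparse(url)
    params = parse_qs(parsed.query)          # decodes percent-encoding for us
    scopes = params.get("scope", [""])[0].split()
    redirect_host = urlparse(params.get("redirect_uri", [""])[0]).hostname or ""
    warnings = []
    if parsed.hostname != "accounts.google.com":
        warnings.append(f"consent page is not hosted by Google: {parsed.hostname}")
    for scope in scopes:
        if scope in HIGH_RISK_SCOPES:
            warnings.append(f"app requests {HIGH_RISK_SCOPES[scope]} ({scope})")
    return {
        "client_id": params.get("client_id", [""])[0],
        "redirect_host": redirect_host,
        "scopes": scopes,
        "warnings": warnings,
    }

# Constructed sample modelled on the link described above: a third-party app
# asking for Gmail plus contacts. client_id and redirect host are placeholders.
SAMPLE_URL = (
    "https://accounts.google.com/o/oauth2/auth?client_id=PLACEHOLDER-CLIENT-ID"
    "&response_type=code&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcallback"
    "&scope=https%3A%2F%2Fmail.google.com%2F%20"
    "https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts"
)

if __name__ == "__main__":
    report = inspect_consent_url(SAMPLE_URL)
    print("authorization goes to:", report["redirect_host"])
    for warning in report["warnings"]:
        print("WARNING:", warning)
```

The same check applies after the fact: the scopes already granted to an app are what determine whether revoking it is urgent.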
Yesterday we wrote about a “Google Docs” phishing campaign that aimed to trick you into authorising a malicious third-party Gmail app so that it could take over your email account and your contact list for its own ends. One of those ends seems to have been to spam out another wave of those same fraudulent emails to your friends and colleagues, in the hope of getting them to authorise the imposter app, and thus to send out another wave of emails, and another, and so on. Technically, that made it more than just a “phish”, which we’ll define very loosely here as an email that aims to trick, coerce or cajole you into performing an authentication task, or giving away personal data, that you later wish you hadn’t. The classic old-school example of a phish is an email that tells you that you have lost money to fraud, or gained money from a tax refund, so please use this web link to login to your bank account to sort this out. These days, however, the word phishing is generally understood much more broadly, describing any sort of misdirection that gets you to authorise or to give away something you should have kept private. Many users have learned to avoid login links in emails, so the crooks have broadened the range of threats and incentives by which they phish for access to your online life. This week’s so-called “Google Docs” attack could spread all by itself, helped on by users giving it the permission it needed along the way, just like the infamous Love Bug virus from 2000, or the pernicious FriendGreetings adware from 2002. Technically, then, that makes the “Google Docs” attack a virus, or more specifically a worm, which is a special sort of virus that spreads by itself, without needing pre-existing host files to hook onto.
The Russian antivirus maker says the leaked source code appears to be a high-quality product, and the security firm is positive this will attract the attention of many cyber-criminals looking for a base to develop and deploy their own mobile malware. Android banking trojans are usually sold for thousands of dollars, or rented for similarly high fees. The easy availability of this trojan might lead to a surge in banking trojans targeting Android devices, Dr.Web researchers warn. According to the company, the leaked source code has already been taken, tweaked and twisted into a new banking trojan named Android.BankBot, currently seen in live infections. The BankBot version detected in the wild appears to target only users of Russian banks. According to Dr.Web, the trojan will lie in hiding until the user opens mobile banking apps or social media apps. When this happens, the trojan shows fake login overlays, asking the user to reauthenticate or re-enter his payment card details, where appropriate. BankBot can phish for credentials using overlays for apps such as Facebook, Viber, YouTube, WhatsApp, Uber, Snapchat, WeChat, imo, Instagram, Twitter, and the Google Play Store. This data is collected and sent back to online servers, where the crook can access it via a neatly arranged backend. Once the BankBot author has access to user information, he can initiate banking transactions, or sell the user's social media credentials online. When siphoning money out of a victim's bank account, BankBot will also intercept and silently delete incoming SMS messages, meaning the bank's transaction notification never reaches the user.
Other BankBot features include the ability to send SMS messages and USSD requests, steal the user's contacts list, track the user via GPS coordinates, and request additional permissions via popups on the latest Android OS versions, where the permissions system is more layered and interactive than in previous releases.