Google Docs E-mail Malware attack going around today...

Figure I'd post this since half my studio got infected today.



I received a phishing email today, and very nearly fell for it. I'll go through the steps here:

1. I received an email that a Google Doc had been shared with me. Looked reasonably legit, and I recognized the sender.
2. The button's URL was somewhat suspicious, but still reasonably Google based.
3. I then got taken to a real Google account selection screen. It already knew about my 4 accounts, so it's really signing me into Google.
4. Upon selecting an account, no password was needed, I just needed to allow "Google Docs" to access my account.
5. If I click "Google Docs", it shows me it's actually published by a random gmail account, so that user would receive full access to my emails (and could presumably therefore perform password resets etc).
6. Shortly afterwards I received a followup real email from my contact, informing me: "Delete this is a spam email that spreads to your contacts."

To summarise, this spam email:

• Uses the existing Google login system
• Uses the name "Google Docs"
• Is only detectable as fake if you happen to click "Google Docs" whilst granting permission
• Replicates itself by sending itself to all your contacts
• Bypasses any 2 factor authentication / login alerts
• Will send scam emails to everyone you have ever emailed

________________________________________

FAQ

How do I know if I've been affected?

If you clicked "Allow", you've been hit. If you didn't click the link, closed the tab first, or pressed deny, you're okay! The app may have removed itself from your account, and may have deleted the sent emails.

What do I do if I've been affected?

1. Revoke access to "Google Docs".
2. Try and see if your account has sent any spam emails, and send a followup email linking to this post / with your own advice if so.
3. Inform whoever sent you the email about the spam emails, and that their account is compromised.

What are the effects?

All emails have been accessed, and the spam forwarded to all of your contacts. This means they could have all been extracted for reading later. Additionally, password reset emails could be sent for other services using the email address.


I'm a G Suite sysadmin, what do I do?

The following steps by /u/banden may help, but I can't verify they'll prevent it.

1. Block messages containing the [email protected] address from inbound and outbound mail gateway/spamav service.
2. Locate Accounts in Google Admin console and revoke access to Google Doc app.
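
For the sysadmin step above (finding which accounts granted access to the fake app), an added example that is not part of the original post: it classifies OAuth grant records by the two traits the post describes, an app name imitating a Google product and scopes that give mail or contact access. The record layout, users, client IDs, brand list and allowlist are constructed for illustration.

```python
import unicodedata

# Scopes that give an app mailbox or contact access (real Google scope URLs).
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/contacts",
}
# Assumption: product names worth protecting, already in normalized form.
BRANDS = ("googledocs", "googledrive", "googleaccount", "gmail")

def normalize(name):
    """Fold case, width variants and separators before brand matching."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

def classify(grant, trusted_client_ids):
    """Return 'ok', 'review' or 'revoke' for one OAuth grant record."""
    if grant["client_id"] in trusted_client_ids:
        return "ok"
    impersonates = any(b in normalize(grant["app_name"]) for b in BRANDS)
    sensitive = bool(SENSITIVE_SCOPES & set(grant["scopes"]))
    if impersonates and sensitive:
        return "revoke"  # the pattern in the post: fake name plus mail access
    return "review" if impersonates or sensitive else "ok"

def audit(grants, trusted_client_ids):
    """Map user -> verdict for every grant that is not 'ok'."""
    verdicts = {g["user"]: classify(g, trusted_client_ids) for g in grants}
    return {u: v for u, v in verdicts.items() if v != "ok"}

# Constructed sample data: hypothetical users, client IDs and allowlist.
MAIL, CONTACTS = "https://mail.google.com/", "https://www.googleapis.com/auth/contacts"
TRUSTED = {"0000-vetted.example"}
GRANTS = [
    {"user": "alice", "app_name": "Google Docs", "client_id": "1111-unknown.example", "scopes": [MAIL, CONTACTS]},
    {"user": "bob", "app_name": "\uff27oogle\u200b Docs", "client_id": "1111-unknown.example", "scopes": [MAIL]},
    {"user": "carol", "app_name": "Mail Merge Helper", "client_id": "2222-unknown.example", "scopes": ["https://www.googleapis.com/auth/gmail.send"]},
    {"user": "dave", "app_name": "Google Docs", "client_id": "0000-vetted.example", "scopes": [MAIL]},
    {"user": "erin", "app_name": "Todo List", "client_id": "3333-unknown.example", "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]

if __name__ == "__main__":
    for user, verdict in audit(GRANTS, TRUSTED).items():
        print(user, verdict)
```

The name check only folds case, width variants and separators; look-alike letters from other alphabets would need a confusables table on top of it.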

 
Damn... I keep telling people, ANYBODY can get hacked, even Google.

I'm in the cybersecurity field, so this is nothing new to me.
 
Damn... I keep telling people, ANYBODY can get hacked, even Google.

I'm in the cybersecurity field, so this is nothing new to me.
Man, I want to get in that field. What do I need to do?
 
I might get fired if I clicked opened that URL at work, they take that security stuff real seriously. Good luck to y'all and thanks for the heads up
 
Life is funny, just Monday the IT dudes had a meeting with us to address this sort of stuff. Someone had goofed and messed something up last week. My man was real passionate about it, damn near scolding us.

Fast forward to today and my man got caught by one of these emails. Sent out an email to warn us about it and they been messing with dude via email all afternoon. :lol:
 
Got hit early this morning. Came from someone I trusted.
 
Saw this trending on Twitter yesterday but didn't even bother following up. Fortunately I wasn't hit with a bogus email, and I stay on Google Docs all day at work.
 
Hit my workplace also. It came from a coworker that I never speak to and there was no other email explaining why he sent it so I didn't even open it up. Thought it was odd. I was right for once :lol:
 
We got a company-wide email about this yesterday. I forwarded it on to my wife and she said they had been made aware of it as well.
 