Computer worm in "Google Docs" disguise plagues Gmail users' contacts

by Julie Splinters - -

After Skype spam campaign has dashed away[1], felons do not miss a chance to exploit every small detail for their advantage. Thus, this time they pointed their daggers to Google Docs. The malware campaign includes spamming users with invitations to open a corrupted Google Doc file[2]. You may recall that this malicious campaign reminds another one, launched by Mole ransomware hackers, who also attempted to deceive users with a corrupted Google Docs link. Is it merely a coincidence? 

You may be one of the thousands of users who received an invitation to review the contents of a Google Docs document sent from hhhhhhhhhhhhhhhh@mailinator.com[3]. By clicking “Open in Docs”, you are redirected to another step which asks for your permission for reading, sending, deleting, and managing your email as well as contacts. If you were not using Google Docs, such inquiry seems more than fishy. However, daily users of Google Docs may not look through the misleading veneer. Later on, the command makes an OAuth connection which provides legitimate access to your Gmail account and contact list. Later on, the malicious script of the worm replicates itself and sends itself to your contacts. The problem that once your friends receive a Google Doc invitation, which is seemingly sent from you, may not trigger any suspicions for your contacts. In short, a string of infections begins. The campaign continued approximately from May 3rd to May 5th, until Google has terminated this imposter.

While currently, the online market is dominated by ransomware, racketeers revive older computer worms. A month ago, cyber security specialists spotted a hike in Conficker trojan[4] which joined forces with exploit kits[5]. These tendencies undoubtedly make users more aware and alarmed about possible outcomes of getting infected with such spam. While netizens are under constant hackers’ surveillance, they need not only arm up with malware prevention programs but remain vigilant. Despite how elaborate a cyber attack might be, you might cease or prevent it simply by canceling the initial step. In the case of Google Docs OAtuh worm, you can evade it simply by not opening the link or attachment. Even if it may seem paranoid, but inquiring your friend whether he or she truly sent a link or a document might prevent you from releasing a cyber menace out of Pandora box.

References


Files
Software
Compare
Like us on Facebook