Russian Hackers Sidestep 2-Step Verification To Phish Users

TrendMicro has revealed a new method used by Russian refers to anything related to Russia, including: Russians (русские, russkiye), an ethnic group of the East Slavic peoples, primarily living in Russia and neighboring countries Rossiyane (россияне), hackers to trick individuals into giving hackers the access to their Google accounts may refer to: Account (accountancy) A report Deposit account Personal account Sweep account Transactional account User account, the means by which a user can access a computer system Online. The Russian hacking group named Fancy Bear, also known as Pawn Storm, tricks users not by giving up passwords but rather by abusing the access tokens of OAuth, the token-based authorization and authentication standard used by Google, Facebook, Yahoo, and other websites. This new development in the world of cyber-crime is very worrisome, according to antivirus and security company TrendMicro, as it is able to circumvent Google’s usually very secure 2-step verification. TrendMicro fears that even highly educated individuals can be tricked in the relatively advanced social engineering scheme developed by the Russian hackers.

TrendMicro has detailed on its blog how hackers can abuse OAuth is an open standard for authorization, commonly used as a way for Internet users to authorize websites or applications to access their information on other websites but without giving them the to gain access to the accounts of unsuspecting individuals individual is a person or a specific object. The hackers computing, a hacker is any skilled computer expert that uses their technical knowledge to overcome a problem first developed an application may refer to that it would use for phishing, which Fancy Bear are carnivoran mammals of the family Ursidae named as “Google Defender defender is usually a participant in defense (military) or defense (sports)”, then had the rogue app approved by the OAuth after going through basic security checks. Afterward, the hackers will email its targets may refer to with a fraudulent email, stating that Google detected unauthorized sign-in attempts of the target’s Google account and in turn urges the target to use their rogue app “Google Defender” to improve the account’s security is the degree of resistance to, or protection from, harm. Once the user authorizes the rogue app, the hackers will then have access to the email account of the target user may refer to: User (system), a person using a generic system User (computing), a person or software using an information system User (telecommunications), an entity using a telecommunications. Fancy may refer to Bear also takes advantage of the fact that the authorization of the rogue application is done in a legitimate Google website, leading more users to think that the “Google is an American multinational technology company specializing in Internet-related services and products Defender” is a legitimate from the Latin legitimare meaning “to make lawful”, may refer to: Legitimacy (law) Legitimacy (political) Legitimacy of standards application from the search giant.

In addition to Google accounts, Fancy Bear also targeted Yahoo ! Inc. is an American multinational technology company headquartered in Sunnyvale, California email mail, or email, is a method of exchanging digital messages between people using digital devices such as computers and mobile phones accounts of certain high-profile targets with rogue applications like McAfee Email Protection. Changing passwords are not enough to revoke the rogue application’s access to the app, so the users are advised to check for the applications that have access may refer to: getting in to the account and manually revoke trick-taking card games, a revoke (or renege, pronounced /rɪˈneɪɡ/ or /rɪˈniːɡ/) is a violation of the rules regarding the play of tricks serious enough to render the round invalid the access of any suspicious apps. Aside from the Google Defender and McAfee Email Protection, other apps apps or APP may refer to Fancy Bear used in its hacking attempts, according to TrendMicro, are Google Email Protection may refer to, Google Scanner, and Delivery Service, with or WITH may refer to: Carl Johannes With (1877–1923), Danish doctor and arachnologist With (character), a character in D. N. Angel With (novel), a novel by Donald Harrington With (album), the latter specific to Yahoo e-mail accounts. While it may take some time for the targeted users to revoke the access of suspicious apps, Google has stated that it is already taking steps to reduce the impact of the rogue apps, with the search giant are the monsters of human appearance but prodigious size and strength common in the mythology and legends of many different cultures reviewing the rogue may refer to apps and taking them down if the apps are found to violate Google’s User Data Policy. Google also reminded users to only download apps from the Google Play Store or the Apple App store and only use legitimate applications from the search or search may refer to: Search and rescue Search and seizure, a police procedure Searching (horse) (1952–1973), a racehorse Bayesian search theory, looking for a target Search Games, looking for an giant.

You may also like...