Google like most websites has always made heavy use of plugins, however, not all of them come from Google some can me accidentally or mistakenly downloaded without the user ever noticing and could damage your computer. Today the company has announced their new way will handle malicious plugins as well issuing new warnings as well as a more involved verification system for apps. The malicious plugins seem to primarily come from apps and as a result the Google is particularly targeting apps that plug into Google. This ne policy from Google came after a malicious attack on Google Docs users in May, the spam disguised itself in the form of an invitation to collaborate on a document.
The spam even named itself “Google Docs” in order to further confuse users into accepting the invitation, after which the spam sent a new request to everyone on the users contact list, which repeated the cycle and allowed the app to spam to be spread virally. Thankfully the app which contained the spam was blacklisted by Google, but not before it had already been spread to thousands Google Doc of users. Google immediately reinforced their developer registration systems meaning that new apps would have to register and be verified by Google beforehand, thus making it harder for unknown apps to plug into Google accounts. However, despite their new security measures, malicious and unknown software and plugins still remain as a very large problem for Google as well as companies. Social Media is also a huge target for these plugins, recently the security group known as OurMine has been responsible for a string of attacks where they posted false news and messages from Twitter accounts owned by Sundar Pichai, Jack Dorsey, and Sony Music tweeting false news about the death of Britney Spears.
OurMine gained access to these accounts through third-party apps, which were authorized to post to the intended account. Social media users often give third-party applications access to their accounts without any knowledge as to how harmful it could be, by doing so, users give hackers multiple ways into the account. These third-party apps often come in the form of things that appeal to the user such as, personality quizzes, image generators, or horoscopes. Google and many social media platforms advise users not to click on any third-party apps that ask to post to your accounts as well as revoking any access from third-party apps that they no longer use.
Featured Image via Wikimedia Commons