Russian hackers use OAuth, fake Google apps to phish users

Advertisement


The Russian hacking group blamed for targeting U.S. and European elections has been breaking into email accounts, not only by tricking victims into giving up passwords, but by stealing access tokens too.

It’s sneaky hack that’s particularly worrisome, because it can circumvent Google’s 2-step verification, according to security firm Trend Micro.

The group, known as Fancy Bear or Pawn Storm, has been carrying out the attack with its favored tactic of sending out phishing emails, Trend Micro said in a report Tuesday.

Advertisement