Data-Stealing Gmail Tunnel Created By Hackers — What You Need To Know
Beware this Python threat that creates a Gmail tunnel.
Love it or loathe it, you can't ignore Google's highly popular free email platform, Gmail. With reports of sophisticated threats against users and seven-day account recovery warnings following password compromises, this is one email service that's never far from the news headlines. While many of these involve direct attacks against Gmail accounts, some are a little more, shall we say, complex in terms of the threat they pose. Such is the case with the latest report from security researchers who have uncovered Coffin-Code attackers using malicious Python packages designed to create a data-exfiltrating tunnel by way of Gmail. Here's what you need to know.
Let's start at the beginning and make it clear that the Simple Mail Transfer Protocol at the heart of this attack mechanism is not used by Gmail alone. SMTP is the de facto communication protocol used to send and receive email across the internet. It is, however, a highly trusted protocol just as Gmail is a highly trusted email provider. Trust plus trust, in this case, equals danger.
What the Socket Threat Research Team discovered, as reported by Olivia Brown, a threat analyst at Socket, is that attackers have created a bunch of malicious Python packages that use Gmail's SMTP protocol to create a tunnel that can exfiltrate data and execute attack commands. Read the full report if you want all the technical details.
Although all seven malicious packages have now been removed from the Python Package Index, the attack methodology is worth taking note of. 'Watch for unusual outbound connections, especially SMTP traffic, since attackers can use legitimate services like Gmail to steal sensitive data,' Brown warned.
I have reached out to Gmail for a statement.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
an hour ago
- Yahoo
Google Warns Quantum Computers Could Crack Bitcoin-Like Encryption 20 Times Faster Than Expected
Benzinga and Yahoo Finance LLC may earn commission or revenue on some items through the links below. New research by Google suggested that RSA encryption, a critical security feature used in securing Bitcoin (CRYPTO: BTC), may be more susceptible to quantum computing attacks than previously anticipated. What Happened: Google Quantum AI researcher Craig Gidney published a new paper indicating that RSA encryption could be broken with 20 times fewer quantum resources than previously estimated. 'We published a preprint demonstrating that 2048-bit RSA encryption could theoretically be broken by a quantum computer with 1 million noisy qubits running for one week. This is a 20-fold decrease in the number of qubits from our previous estimate,' Gidney wrote in a blog post. Don't Miss: Trade crypto futures on Plus500 with up to $200 in bonuses — no wallets, just price speculation and free paper trading to practice different strategies. Grow your IRA or 401(k) with Crypto – unlock the power of alternative investments including a Crypto IRA within your retirement account. A qubit is the basic unit of information used to encode data in quantum computing, serving as the foundation upon which quantum algorithms are built. The study did not specifically mention Bitcoin or other cryptocurrencies. However, the Elliptic Curve Cryptography algorithm, which secures transactions on Bitcoin with public and private keys, is similar in principle to the RSA. While Elliptic Curve Cryptography is currently secure against classical computers, a strong enough quantum computer could effectively crack it in the years to come, according to a previous study. Why It Matters: Concerns over Bitcoin's cryptography have increased with the release of Google's next-generation quantum chip, "Willow,' last year. This chip can solve a standard benchmark computation in under five minutes, a task that would take the world's fastest supercomputers 10 septillions, or 10^25, years to solve. While some experts ruled out immediate dangers, others advocated for proactive measures to prepare for the threat, such as switching to quantum-resistant algorithms. A study led by the University of Kent's School of Computing suggested that Bitcoin might need to undergo a costly and time-consuming update process to counter the threat from quantum computing in the future. Read Next: New to crypto? Get up to $400 in rewards for successfully completing short educational courses and making your first qualifying trade on Coinbase. A must-have for all crypto enthusiasts: Sign up for the Gemini Credit Card today and earn rewards on Bitcoin Ether, or 60+ other tokens, with every purchase. Photo Courtesy: Wirestock Creators on Shutterstock Send To MSN: Send to MSN This article Google Warns Quantum Computers Could Crack Bitcoin-Like Encryption 20 Times Faster Than Expected originally appeared on Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
2 hours ago
- Yahoo
Texas governor signs app store age verification measure
Texas Gov. Greg Abbott (R) signed a bill Tuesday requiring app stores, such as those run by Apple and Google, to verify user ages amid a push to ramp up protections for children online. The Lone Star State is the second to pass a law putting the responsibility of age verification on app stores, following Utah's lead. The Texas law is set to go into effect Jan. 1. Apple has pushed back on the measure, emphasizing that it shares the 'goal of strengthening kids' online safety' but is concerned it 'threatens the privacy of all users' by requiring app stores to collect and keep sensitive personal information about users. 'We believe there are better proposals that help keep kids safe without requiring millions of people to turn over their personal information,' an Apple spokesperson said in a statement. The pushback reflects a wider debate over who bears responsibility for determining users' ages — apps themselves or app stores. Social media giants, like Meta, X and Snap, have voiced support for shifting the onus of age verification onto app stores, as the conversation comes to Washington. Sen. Mike Lee (R-Utah) and Rep. John James (R-Mich.) introduced a bill earlier this month that, much like the measure from Lee's home state, would require Apple's App Store and Google's Play Store to verify user ages. Meta is also part of a new lobbying group in Washington, the Coalition for Competitive Mobile Experience, pushing for app store age verification and raising concerns about Apple's app store practices. They argue that app stores are best suited to handle the issue because they already have age data. 'Parents want a one-stop shop to verify their child's age and grant permission for them to download apps in a privacy-preserving way,' Meta, X and Snap said in a joint statement following the Texas bill signing. 'The app store is the best place for it, and more than one-third of US states have introduced bills recognizing the central role app stores play,' they added. 'We applaud Texas for taking this important step and urge Congress to follow suit.' This story was updated at 7:09 p.m. Copyright 2025 Nexstar Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Yahoo
3 hours ago
- Yahoo
App store age verification, THC's impact, new energy drink: Catch up on the day's stories
👋 Welcome to 5 Things PM! Awe is an 'emotional superfood' that calms the mind, sparks curiosity and creates connection. A child development specialist explains how the emotion benefits teens and how parents can foster it. Here's what else you might have missed during your busy day: 1️⃣ Safety first: Texas is the latest state to pass a law requiring Google and Apple to verify app store users' ages. It's part of a broader push to better protect kids online, but critics say the verification rules could pose privacy risks and be difficult to enforce. 2️⃣ Sweaty months ahead: In the summertime, Athens is Europe's hottest destination — in terms of temperature and popularity. The city is expected to host a record 10 million visitors this year, which could strain efforts to protect unprepared tourists from the heat and to support locals facing inflation and infrastructure pressure. 3️⃣ Blunt facts: Using THC-laced edibles and smoking marijuana are both linked to early signs of cardiovascular disease, a new study found. A senior author says it's the first to look at the impact the drug has on vascular function in humans. 4️⃣ Fighting back: US and European authorities just announced major progress in countering cybercrime. The US Justice Department seized the computer system hackers allegedly used to access Lumma, a software tool they are accused of applying to attack airlines, universities, banks, hospitals and state governments. 5️⃣ Something's brewing: Beer sales have been declining for the past several years, so what does Anheuser-Busch do? Hop into the energy drink market by teaming up with controversial UFC boss Dana White. 🐝 Buzzworthy: Starting today, 243 students will compete in the Scripps National Spelling Bee under new rules for the lightning-round tiebreaker. CNN spoke with Faizan Zaki, who came in second place last year after time ran out during the round. • Trump was just asked about the 'TACO trade' for the first time. He called it the 'nastiest question'• Trump says he'll give it two weeks to determine if Putin is serious about Ukraine peace• Nick Kroll 'produced' John Mulaney's intervention because he was 'deeply scared' Mulaney was going to die 📱 That's how much a financial expert predicts an iPhone could cost if it were manufactured in the US due to tariffs. 🧸 Doll brawl: Distributor Pop Mart has halted sales of Labubus — a palm-sized plush toy with sharp teeth — in all its UK stores after reports of long lines, crowd surges and fights. ⚽ 17-year-old superstar: After having a historic 2024 season, Lamine Yamal signed a contract extension with FC Barcelona until the end of the 2030–31 season. According to Spanish media, the teenager is set to become one of the club's highest earners. 💸 A Texas woman is suing the state for not awarding her $83.5 million that she won from a lottery ticket. Why hasn't she been paid? A. She is a convicted felonB. She has unpaid speeding ticketsC. She bought the ticket on an appD. She moved out of state⬇️ Scroll down for the answer. 🫶 Touch over tech: Technology is impacting the interactions between patients and doctors, but to Abraham Verghese — Harvard's commencement speaker this week — the most important innovation in medicine is 'the power of the human hand to touch, to comfort, to diagnose, and to bring about treatment.' 👋 We'll see you tomorrow. 🧠 Quiz answer: C. The woman bought the ticket on the app Jackpocket, a lottery courier service, in February but Texas banned the service this month.📧 Check out all of CNN's newsletters. 5 Things PM is produced by CNN's Chris Good, Meghan Pryce, Kimberly Richardson and Daniel Wine.
