• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

gmail account access gained apparently using "EasyMail for Gmail" app for windows 10

I experienced a take over of my Google email account apparently through the "EasyMail for Gmail" app written by Tim Grabinat. Here is what I observed:

On Monday, Sep 11 at around 2:00 PM I started the app and noticed that many of the options and/or menus were written in what appeared to be an eastern European alphabet. I though nothing of it, thinking that, perhaps, I had accidentally changed the default language. After searching all configurations I could not find anything that would allow me to change the language back to English but could not find anything. Left the app open as I was planning to remove it and re-install it. Later on, at around 8:00 PM, I walked by my computer and as I glanced at it I noticed something odd so I decided to check it out. What had called my attention was that the cursor moved on the screen on its own. As I sat and observed I saw the cursor going to a folder and click it open. The cursor moved only within the email app as far as I could tell. I immediately turned off my computer, then rebooted it. After reboot I immediately ran a full scan using Norton Core Security Plus. At same time I removed the app from my system. The scan did not detect any problems. While the scan was running I logged in to my Google email account and changed the password. I also turned 2 step authentication on ( don't remember if it was on before the incident since my phone info was already there). I then clicked on "Details" and found that my account was being accessed from the Ukraine. I clicked on the option to log out all other sessions. No active sessions have been detected since and I am keep a  very close look on it. Here is the current table with the access details:

Recent activity:

Access Type [ ? ]
(Browser, mobile, POP3, etc.)Location (IP address) [ ? ]Date/Time
(Displayed in your time zone)

Browser (Chrome) Show details* United States (NY) (204.52.135.144)9:41 am (0 minutes ago)

Browser (Firefox) Show detailsUnited States (CT) (204.52.135.141)Sep 11 (12 hours ago)

Browser (Chrome) Show details* United States (CT) (204.52.135.141)Sep 11 (12 hours ago)

Browser (Firefox) Show detailsUnited States (CT) (204.52.135.141)Sep 11 (12 hours ago)

Atom feedUkraine (192.186.140.148)Sep 11 (13 hours ago)

Browser (Edge) Show detailsUkraine (192.186.140.148)Sep 11 (13 hours ago)

Atom feedUnited States (NY) (67.84.81.69)Sep 11 (13 hours ago)

Browser (Firefox) Show detailsUkraine (192.186.140.148)Sep 11 (13 hours ago)

Browser (Firefox) Show detailsUkraine (192.186.140.148)Sep 11 (14 hours ago)

Browser (Firefox) Show detailsUkraine (192.186.140.148)Sep 11 (14 hours ago)

Hope this helps...

Aires Pacheco

Replies

Kudos0

Re: gmail account access gained apparently using "EasyMail for Gmail" app for windows 10

An update: The access details listing as connected from the Ukraine are bogus connections. The bogus IP are generated by Norton VPN, which I am running, and are really my own connection(s). The report on the APP remains as stated. I no longer use the app "EasyMail for Gmail" unless I find a reasonable explanation for what I observed.

Aires Pacheco

This thread is closed from further comment. Please visit the forum to start a new thread.