Google Chrome is up-to-date
Versie 75.0.3770.100 (Officiële build) (32-bits)
I sent the Chrome team this 2 days ago and I also contacted API Support team...
Somehow the virus contained in this file [link removed by moderator] and this file [link removed by moderator] immediately broke out of my 360 TotalSecurity Sandbox and not only that, it started adding all my logged in gmail accounts to dropbox!!! IP History shows a browser used in Sweden. I have 2FA enabled for all gmail accounts (no mobile number) so it's beyond me how they can add my gmail accounts (even Apps for your Domain) to Dropbox (without Dropbox being able to find the account through password reset). I quickly noticed the file was not safe so I disconnected the internet and cleaned up (only 1 PuP file for some Russian mail app in AppData\Local). Yet within 20 seconds the damage was already done...
1. how can dropbox give gmail accounts access to non-existing accounts (I got almost a dozen notification emails from Google, they are legit),
2. how can a virus read my logged in gmail addresses (I don't store any passwords but I do use lastpass, which wasn't the leak because that contains many more gmail accounts that didn't get breached)?
3. Next to the dropbox warnings, I also got a password reset email from Bittrex crypto exchange... I made that account last week, with a non-existing email address (but catch-all of my domain)... How the frack did they get that email address that quickly?
4. WHAT INFORMATION IN MY Gmail CAN BE ACCESSED THROUGH DROPBOX???!!!
Luckily I investigated the Google Notifications on my Mobile phone and immediately changed all passwords... Yet I have no idea if my private information has been stolen already... Access to my gmail would be a hackers' paradise. So far, all is good BUT I have not forgotten the password reset request for my virgin Bittrex account...!
I thought you should know to. I have ran Avast (it was installed), 360 TotalSecurity (with all engines enabled, even Avira's) and now also a Full working Demo version of Dr.Web (which did wonders on my Android phones) including a firewall. All is (reportedly) clean.
Kindly advise: especially question 4 (ALL CAPS) is important to ME. What's going on here??? How can hackers in Sweden use Dropbox with non-existing Dropbox accounts to access my gmail??? And WHAT can they access?
* actually, the downloaders itself are kind-of safe; the resulting download (an ISO file) contains the nasty piece of software that triggered all of Google's emails warning me about Dropbox access from Sweden (where I don't live).
Email sent by Google:
Q: "Were the notifications you received about getting started and verifying the email address?"
No. No sign-up emails were received, just the above ones. A password reset for the compromised email addresses for which I got the Google warnings, did not get a password reset email from Dropbox. Google Account activity clearly shows activity from a browser session in Sweden, on ALL affected accounts.
If you need more help you can log a ticket with our Support Team here (expected response time 24 hours), or contact us on Twitter or Facebook.
For more info on available support options, see this article.
If you found the answer to your question, please 'like' the post to say thanks to the user!