A new study finds that malware being sent from Google Analytics to Gmail is not only being delivered in the wrong email address, but that it’s also being sent in a very unsecure format.
The researchers found that malicious emails were sent using the format: [email protected]@google.com In addition, they found that the malware was sent via a file extension, which makes it hard to determine the source.
The malicious email was sent using Google’s own API, but the researchers were unable to verify that it was sent by Google’s server, so the email was likely sent by a third party.
Google has confirmed that this is the case. [Buzzfeed]