Google was forced to share private information from users of its Gmail e-mail service with the FBI to help the government agency investigate the malware, according to reports from affected users.
The federal agency allegedly seeks people who have access to software tools that allow them to hack or remotely infiltrate another person's computer.
This software can allow people to secretly record the activity of the users on the screen and obtain confidential information from the victims.
Dozens of Gmail users have volunteered to share the details of an email received from the Californian search company informing them of an ongoing investigation into the software they had purchased online.
Google has not disclosed what information has been shared with the FBI.
It is still not known exactly how many people have been involved in the research, however, it is believed that more than 8,600 people bought the tool online.
Scroll down to watch the video
Google has been forced to send private information from users of its Gmail service to the FBI. Dozens of users have offered to share details of an email they received from the search company informing them of an investigation (stock image)
WHAT IS REMOTE ACCESS SOFTWARE?
Remote access software can be installed on a machine, server or network to allow a user to connect and control from anywhere in the world.
Legitimate uses include logging in to your PC or work network from your home or accessing your multimedia files so you can listen to music on your computer from your smartphone.
However, it can also be used to spy, record or obtain confidential information from unconscious victims in secret.
Colton Grubbs, based in Kentucky, pleaded guilty to distributing the software tool, known as LuminosityLink, in July.
The $ 40 tool (£ 30) was used by thousands of customers to gain unauthorized access to tens of thousands of computers in 78 countries around the world, according to security experts.
Users of Reddit, Twitter and HackForums, a popular site for both cybercriminals and cybersecurity enthusiasts, have reported receiving the email.
According to its recipients, the email says: Google received and responded to the legal process of the Federal Bureau of Investigation (Federal District of Kentucky) that requires disclosure of information related to your Google account.
The email includes a legal case number that refers to court proceedings that are still sealed in the US. UU., But several of those who showed up say they bought the tool.
"It seems to me that the court initially ordered Google not to disclose the existence of the information claim, so Google was legally barred from notifying the user," cyber crime attorney Marcia Hoffman told Motherboard.
"Then the non-disclosure order was lifted, so Google notified the user, there's nothing unusual about that per se.
"It is common when law enforcement seeks information during an ongoing investigation and does not want to inform the target (s)."
While e-mail research seems to be an attempt to unmask all those who purchased LuminosityLink, it is not necessarily illegal to own this type of remote access software (RAS).
According to its recipients, the email (in the image above) says: Google received and responded to the legal process of the Federal Bureau of Investigation that requires you to disclose information related to your Google account & # 39;
While research by email seems to be an attempt to unmask all the people who bought LuminosityLink (website in the photo), it is not necessarily illegal for this type of remote access software
RAS can be installed on a machine, server or network to allow a user to connect to the hardware and control some of its functions from anywhere in the world.
Legitimate uses include logging in to your PC or work network from your home, or accessing multimedia files so you can listen to music stored on your computer from a smartphone or tablet.
However, software with this functionality can also be used to secretly spy, record or obtain confidential information from unconscious victims.
"If someone is simply buying a tool that allows this kind of ability to remotely access a computer, they can be a good guy or they can be a bad guy," internet rights specialist Gabriel Ramsey told Motherboard.
"I can imagine a situation in which that type of request arrives, for good or bad accounts, from both types of buyers."
HOW CAN YOU PROTECT YOUR INFORMATION ONLINE?
Because hackers are increasingly creative, security experts warn that consumers should take all possible measures to protect their identities (file photo).
- Make your authentication process bidirectional whenever possible. You must choose this option in the websites that offer it because when a specific identity action is required in addition to entering your password and username, for scammers it is much more difficult to access your information.
- Secure your phone. Avoiding public access to the Internet and installing a screen lock are simple steps that can hinder hackers. Some fraudsters have begun to discount insurance phones immediately. Installing anti-malware can also be beneficial.
- Subscribe to alerts. Several institutions that provide financial services, including credit card issuers, offer customers the opportunity to receive notifications when they detect suspicious activity. Activate these notifications to stay informed about the activity of the credit card linked to your account.
- Be careful when issuing online transactions. Again, some institutions offer notifications to help with this, which will alert you when your card is used online. It could also be useful to set limits on the amounts that can be spent with your card online.