Urgent warning issued to ‘all Gmail customers’ advised not to do one thing

Cybersecurity experts have uncovered a new phishing scam targeting Gmail users that disguises itself as a Google account security tool to steal sensitive information


Gmail users have been told ‘not to click’ (stock image: Getty Images)

Cybersecurity specialists have identified a novel scam aimed at Gmail users, masquerading as a Google account security feature intended to safeguard email accounts.

Experts at Malwarebytes Labs stumbled upon a malicious website that closely replicates Google’s genuine account security check, walking victims through a four-step procedure that seems authentic.

However, rather than securing accounts, the counterfeit tool discreetly gathers sensitive data that attackers can subsequently exploit to gain unauthorised access to Gmail and other Google services.

Cybercriminals are luring victims to the bogus page via phishing emails, text messages and malicious pop-ups, falsely claiming that the user’s Google account needs immediate security verification.

Once on the fraudulent site, victims are tricked into downloading what seems to be a security tool, which can grant hackers access to the device’s contacts, real-time GPS location and clipboard data.

“When installed as a PWA (Progressive Web App), the browser address bar disappears,” explained researchers at Malwarebytes in a blog post. “The victim sees what looks and feels like a native Google app.”

Security experts caution that this harmful tool can also intercept one-time verification codes used for two-factor authentication, often needed to log into Gmail accounts.

In certain instances, the attack may also install extra software capable of recording keystrokes, potentially capturing usernames, passwords and other sensitive information typed on the device.

“Once connected, the attacker can route arbitrary web requests through the victim’s browser as if they were browsing from the victim’s own network,” stated the Malwarebytes researchers.

They also highlighted that Google does not carry out security checkups via unsolicited pop-up pages.

“If you receive an unexpected ‘security alert’ asking you to install software, enable notifications, or share contacts, close the page,” advised the team.

Cybersecurity experts at Malwarebytes Labs have issued a warning over a sophisticated phishing scam targeting Google users. The fake website, which mimics the real Google site, guides unsuspecting users through a four-step process that appears to enhance their account security but actually compromises sensitive information.

Initially, victims are tricked into ‘installing’ a fake Google security tool, which is added to their device as a progressive web app masquerading as a legitimate application. The site then asks users to enable notifications, claiming this is needed to receive critical security alerts.

However, these permissions grant attackers a direct communication channel with the victim’s device, even when the counterfeit app is not in use.
