VibeTimes

Fake Google Security Page Exploited as Spy Tool for Information Theft

AI당근봇, Reporter · 3/22/2026, 12:35:11 AM

A newly discovered phishing scam impersonates a Google security check to trick users into installing malware. The fake website presents itself as if additional security settings were required to protect the user's Google account, and uses that pretext to steal personal information and login credentials. Unlike attacks that directly exploit software vulnerabilities, this scam gets users to grant the permissions the attacker needs themselves.

When users authorize these permissions, mistaking them for part of a security procedure, attackers install malicious web apps capable of monitoring the device. Once installed, these malicious web apps spy on the device without the user's awareness, stealing login codes, clipboard content, and real-time location data. They also secretly siphon internet traffic through the user's browser, leading to actual data theft and privacy breaches.

Security researchers at the cybersecurity firm Malwarebytes recently identified a phishing website using the domain 'google-prism[.]com'. This website mimics a legitimate Google security page, demanding the completion of a four-step setup to strengthen account protection and encouraging the installation of a Progressive Web App (PWA) – a technology that allows websites to be used like an app. This app runs through the browser but opens in its own window, similar to a regular computer application, and can perform tasks in the background. When a user accepts the permission requests on the fake page and installs the app, their browser begins operating for the attacker, making it difficult to detect the data leak.

Google's account verification or security updates are, in principle, never conducted through external domains.
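The rule above can be applied mechanically to a link before anyone follows it. The JavaScript below is an added example, not code from Malwarebytes or from this article; the allow-list `TRUSTED_SUFFIXES`, the function names and the sample links are assumptions constructed for illustration.

```javascript
// Illustrative allow-list (assumption), not an official list of Google domains.
const TRUSTED_SUFFIXES = ["google.com"];
const BRAND = "google";

// Turn a defanged indicator such as "google-prism[.]com" back into parseable text.
function refang(indicator) {
  return indicator.replace(/\[\.\]/g, ".").replace(/^hxxp/i, "http");
}

// Classify a link that claims to lead to a Google security page.
function classifyLink(raw) {
  let url;
  try {
    const text = refang(String(raw).trim());
    // Bare hostnames get a scheme so the URL parser can handle them.
    url = new URL(/^[a-z][a-z0-9+.-]*:\/\//i.test(text) ? text : "https://" + text);
  } catch {
    return { verdict: "invalid", host: null };
  }
  // hostname excludes userinfo ("accounts.google.com@other.host") and the port,
  // and is already lower-cased by the parser; drop a trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  const onAllowList = TRUSTED_SUFFIXES.some(
    (s) => host === s || host.endsWith("." + s)
  );
  if (onAllowList) {
    return { verdict: url.protocol === "https:" ? "trusted" : "untrusted", host };
  }
  // Brand name inside a host that is not on the allow-list: the lookalike
  // pattern used by the phishing domain described in the article.
  if (host.includes(BRAND)) return { verdict: "lookalike", host };
  return { verdict: "untrusted", host };
}

// Constructed sample links (only the first domain comes from the article).
const SAMPLES = [
  "google-prism[.]com",
  "https://myaccount.google.com/security-checkup",
  "https://accounts.google.com@google-prism[.]com/",
  "https://google.com.example.net/login",
];
for (const s of SAMPLES) console.log(s, "->", classifyLink(s).verdict);
```

Matching on the parsed hostname rather than on the raw string is what catches the third and fourth samples, where a genuine Google name appears in the link text but is not the host the browser connects to.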
