Cybersecurity professionals have discovered a new fraud scheme aimed at Gmail users that presents itself as a Google security utility created to safeguard email profiles.

Researchers from Malwarebytes Labs identified a harmful website that strongly resembles Google’s official account security verification and leads users through a four-step procedure that seems genuine.

Rather than safeguarding accounts, the fraudulent tool secretly gathers confidential details that cybercriminals can subsequently exploit to access Gmail and other Google platforms.

Cybercriminals are trying to lure users to the fake site via phishing emails, SMS messages, and harmful pop-ups that state a user’s Google account needs urgent security validation.

After arriving on the site, victims are asked to install what seems like a security application, which can allow cybercriminals to access the device’s contacts, real-time GPS location, and clipboard information.

“When deployed as a PWA (Progressive Web App), the browser’s address bar is hidden,” explained Malwarebytes researchers in a blog post. “The user experiences something that appears and functions like a genuine Google application.”

Cybersecurity experts caution that the harmful software has the capability to capture one-time verification codes utilized for two-factor authentication, which are frequently needed to access Gmail accounts.

In certain instances, the attack might also introduce extra software designed to capture keyboard input, possibly collecting usernames, passwords, and other confidential details entered on the device.

After establishing a connection, the attacker can send any web requests through the victim’s browser, making it appear as though the requests are originating from the victim’s own network, according to Malwarebytes researchers.

They also mentioned that Google does not perform security checks via unexpected pop-up windows.

“If you encounter an unexpected ‘security alert’ prompting you to install software, turn on notifications, or share contacts, close the window,” the team mentioned.

Authorized account security tools can be accessed directly via your Google Account at myaccount.google.com.

The team at Malwarebytes Labs mentioned that the fake website guides users through four steps that seem to enhance their account security, but are actually meant to provide attackers with access to confidential details.

Initially, victims are encouraged to ‘install’ a tool that appears to be Google’s security application, which is then added to their device as a progressive web app that functions like a genuine app.

Then, the website prompts users to activate notifications, stating that this will enable them to get critical security updates.

These privileges enable hackers to establish a continuous connection with the user’s device, even if the deceptive application is not actively running.

The third step prompts users to share their phone contacts, framing the action as a method to ‘safeguard’ them.

Once victims choose their contacts, the page shows a confirmation message indicating the contacts are protected, but experts discovered that the data is actually transmitted directly to a server managed by the attackers.

Finally, the website asks for permission to access the user’s GPS location, stating that it is required to confirm the account is from a trusted location.

Nevertheless, the request can gather precise location information, such as latitude, longitude, elevation, direction, and speed of movement, which is subsequently sent to the attackers.

As per security experts, the counterfeit tool is capable of capturing one-time verification codes utilized for two-factor authentication, which are commonly needed to access Gmail and other Google platforms.
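The notification and location grants described above persist in the browser profile after the page is closed, so they can be audited afterwards. The following is an added example, not code from Malwarebytes or Google: it assumes the Chromium `Preferences` JSON layout (`profile.content_settings.exceptions`, where `setting` 1 means allow), and the host names and allowlist are constructed.

```python
import json
from urllib.parse import urlsplit

ALLOW = 1  # assumed Chromium content-setting value for "allow"
RISKY = ("notifications", "geolocation")
TRUSTED_SUFFIXES = ("google.com",)  # constructed allowlist for this example

# Constructed sample mirroring the assumed Preferences layout; not real data.
SAMPLE_PREFS = json.loads("""
{"profile": {"content_settings": {"exceptions": {
  "notifications": {
    "https://myaccount.google.com:443,*": {"setting": 1},
    "https://google.com.security-check.example:443,*": {"setting": 1},
    "https://news.example:443,*": {"setting": 1}
  },
  "geolocation": {
    "https://google.com.security-check.example:443,*": {"setting": 1},
    "https://maps.example:443,*": {"setting": 2}
  }
}}}}
""")

def origin_host(pattern):
    """Turn a pattern such as 'https://host:443,*' into 'host'."""
    return (urlsplit(pattern.split(",", 1)[0]).hostname or "").lower()

def is_trusted(host):
    # Match the registered domain or a true subdomain, so a lookalike
    # such as 'google.com.security-check.example' does not pass.
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def audit(prefs):
    """Return {host: [permissions]} for untrusted origins with an allowed RISKY grant."""
    exc = prefs.get("profile", {}).get("content_settings", {}).get("exceptions", {})
    found = {}
    for perm in RISKY:
        for pattern, entry in exc.get(perm, {}).items():
            host = origin_host(pattern)
            if host and entry.get("setting") == ALLOW and not is_trusted(host):
                found.setdefault(host, set()).add(perm)
    return {host: sorted(perms) for host, perms in found.items()}

def high_risk(findings):
    """Origins holding both grants, the combination the fake check-up requests."""
    return sorted(h for h, perms in findings.items() if set(RISKY) <= set(perms))

if __name__ == "__main__":
    findings = audit(SAMPLE_PREFS)
    print(findings, high_risk(findings))
```

To audit a real profile, load its `Preferences` file with `json.load` and pass the result to `audit`.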
