“Beware: Gmail Users Targeted in Sophisticated Phishing Scam”


A new phishing campaign aimed at Gmail users is using a fake security tool to gather sensitive data, according to a recent report from researchers at Malwarebytes Labs.

The deceptive campaign involves a fraudulent website designed to closely imitate Google’s official account security interface. The site guides users through a four-step process that seemingly enhances account security but is actually a ploy to gather personal information for unauthorized access to email accounts and other services.

Per the researchers, cybercriminals are luring potential victims to the bogus site through phishing emails, text messages, and pop-up notifications that falsely claim urgent account verification is needed. Upon visiting the site, users are encouraged to install what appears to be a legitimate security application.

The purported security tool is deployed as a progressive web application, mimicking the appearance of a native app and concealing browser indicators like the address bar. This tactic aims to deceive users into believing they are interacting with a legitimate site.

The process then asks users to enable notifications, share contact lists, and grant access to their device’s location data. Although presented as security measures, these permissions let attackers harvest detailed personal information, including contacts and precise location details like latitude, movement, and speed.

Furthermore, the tool can intercept one-time verification codes used for two-factor authentication, a common security practice for account logins. In certain instances, additional malicious software may be installed to capture keystrokes, potentially obtaining usernames, passwords, and other sensitive data.

Malwarebytes Labs cautioned that this attack could enable cybercriminals to route web activity through a victim’s device, effectively using it as a proxy to access online services as the genuine user.

The researchers highlighted that Google does not initiate account security checks through unsolicited pop-ups or requests for external software installations. Users are advised to refrain from engaging with unexpected security alerts and to access account protection features directly from official sources.
