A recent report from Malwarebytes Labs describes a new phishing scheme targeting Gmail users. The operation uses a fake security tool to harvest sensitive data under the guise of strengthening account protection. Victims are lured to a deceptive website that imitates Google's account security interface through phishing emails, text messages, and pop-up notifications claiming that the account urgently needs to be verified.
Once on the site, users are persuaded to install what looks like a legitimate security application. The tool is a progressive web app (PWA): installed in standalone mode it runs in its own window without the address bar and the rest of the browser chrome, so the usual cues that would expose the real domain (the URL and the lock indicator) are not visible, and it passes for a native application. The app then asks the user to allow notifications, share the device's contact list, and grant location access, all ostensibly for security purposes. Those permissions instead let the criminals pull personal data off the device, including the contacts and precise location information such as coordinates, heading, and speed.
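The two traits described above, a manifest that hides the browser UI and a page that asks for notification, contact and location permissions, can be checked by an analyst who has pulled the site's web app manifest and script. The following Node.js script is an added example for this article, not code from the Malwarebytes report; the function names, the sample manifest and page script are constructed, and the branding and origin heuristics are assumptions rather than indicators the report published.

```javascript
// Added example (not from the Malwarebytes report): triage a Web App Manifest
// and a page script fetched from a suspicious site for the traits described
// in the article. Helper names are hypothetical; heuristics are assumptions.

// Web App Manifest display modes that hide the address bar and browser chrome.
const HIDES_BROWSER_UI = new Set(["standalone", "fullscreen"]);

// Constructed sample manifest, modelled on the behaviour the article describes.
const SAMPLE_MANIFEST = {
  name: "Google Account Security Check",
  short_name: "Security",
  start_url: "/verify/index.html",
  display: "standalone",
  icons: [{ src: "/img/google-shield.png", sizes: "192x192", type: "image/png" }],
};

// Constructed sample of the page's script: the three permission prompts the
// article mentions, using the real browser APIs that raise those prompts.
const SAMPLE_PAGE_SCRIPT = `
  Notification.requestPermission().then(report);
  navigator.contacts.select(['name', 'email', 'tel'], { multiple: true }).then(report);
  navigator.geolocation.watchPosition(p => report(p.coords));
`;

// True when the manifest installs into a mode with no address bar.
// display_override, where present, takes precedence over display.
function hidesBrowserChrome(manifest) {
  const modes = [...(manifest.display_override || []), manifest.display || "browser"];
  return modes.some((m) => HIDES_BROWSER_UI.has(m));
}

// Assess a manifest served from originHost; returns the findings in a fixed order.
function assessManifest(manifest, originHost) {
  const findings = [];
  if (hidesBrowserChrome(manifest)) findings.push("hides-address-bar");

  // Assumed heuristic: Google branding in the name or icon path on a host
  // that is not google.com or a subdomain of it.
  const brand = /google|gmail/i;
  const claimsGoogle =
    brand.test(manifest.name || "") ||
    brand.test(manifest.short_name || "") ||
    (manifest.icons || []).some((i) => brand.test(i.src || ""));
  const isGoogleHost = /(^|\.)google\.com$/i.test(originHost);
  if (claimsGoogle && !isGoogleHost) findings.push("google-branding-off-google-domain");

  // Assumed heuristic: start_url that resolves to a different origin.
  try {
    const u = new URL(manifest.start_url || "/", `https://${originHost}/`);
    if (u.host !== originHost) findings.push("start-url-cross-origin");
  } catch (e) {
    findings.push("start-url-unparseable");
  }
  return { suspicious: findings.length > 0, findings };
}

// Static scan of page script for the APIs that trigger the three permission
// prompts the article lists. Results are reported in this fixed order.
const PERMISSION_APIS = [
  ["notifications", /Notification\s*\.\s*requestPermission\s*\(/],
  ["contacts", /navigator\s*\.\s*contacts\s*\.\s*select\s*\(/],
  ["geolocation", /navigator\s*\.\s*geolocation\s*\.\s*(getCurrentPosition|watchPosition)\s*\(/],
];

function scanForPermissionRequests(source) {
  return PERMISSION_APIS.filter(([, re]) => re.test(source)).map(([name]) => name);
}

// Stand-alone run against the constructed samples.
console.log(JSON.stringify(assessManifest(SAMPLE_MANIFEST, "account-check.example")));
console.log(JSON.stringify(scanForPermissionRequests(SAMPLE_PAGE_SCRIPT)));
```

A manifest that hides the browser chrome is not malicious by itself, since every legitimate installable PWA does the same; the finding matters in combination with off-domain branding and a script that requests all three permissions at once, which is the pattern the report describes.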
According to the report, the tool can also intercept two-factor authentication codes and may install further malware that captures keystrokes, exposing credentials such as usernames and passwords. Malwarebytes Labs warned that the attackers can route web traffic through the victim's device, using it as a proxy to reach online services on the user's behalf.
The researchers stressed that Google does not prompt users to run security checks through unsolicited pop-ups and does not ask them to install external software to protect an account. Users were advised to treat unexpected security alerts with suspicion and to use account protection tools only through Google's official account settings, rather than through links or apps delivered by email, text, or pop-up.
