Topics: Google, Technology, Crime
Cybersecurity experts have issued a stark warning to 1.8billion Gmail users after a new scam began to gain traction which could lead to a total loss of their accounts.
Researchers at Malwarebytes Labs urged users to be on their guard, after they discovered a malicious website that mimicked the official Google security tool, which is typically used to keep accounts secure.
The website closely mimics Google's official security check and guides victims through a four-step process that appears legitimate at first glance.
Yet instead of securing an account and protecting a user’s data, the new scam actually steals personal data that can then be used to gain access to Gmail and other Google services.
Advert
Most incidents have been due to users following a link, which has been shared by Hackers via a phishing email, text message or malicious pop-up claiming a user's Google account requires immediate security verification.
Users who fall for the scam will then be directed to the fake website where they will be prompted to install what appears to be a security tool, but can actually give cybercriminals access to the device's contacts, real-time GPS location and clipboard data.
“When installed as a PWA (Progressive Web App), the browser address bar disappears,' Malwarebytes researchers explained in a blog post. “The victim sees what looks and feels like a native Google app.”
Divided into four steps, the website prompts users to follow the instructions on screen, with the first step being to install the fake app, which can appear initially authentic.
Once this is downloaded, victims would then be prompted to enable notifications, claiming this will allow them to receive important security alerts. Yet by agreeing to this, it actually gives hackers a direct route to your device even when the fake app is not open.
The third step will see the fake site request access to all of your contacts under the guise of ‘protecting them’- something it is important to note, Google itself would never request - but researchers found the information is actually sent directly to a server controlled by the attackers.
The fourth and final step, involves being asked to share your GPS location data, which includes latitude, longitude, altitude, direction and movement speed, and means hackers will know where you live, where you are at that present moment, and everywhere you’ve been and when.
Crucially, once hackers have tricked a user into installing the app, they can then even intercept 2-factor authentication codes from official sources, and in some cases the attack may also install additional software capable of recording keystrokes, potentially capturing usernames, passwords and sensitive personal information such as social security numbers or addresses.
“Once connected, the attacker can route arbitrary web requests through the victim's browser as if they were browsing from the victim's own network,” Malwarebytes researchers said.
They also went on to note that Google itself would never ask for a user to install software via a pop-up, as the continued: “If you receive an unexpected 'security alert' asking you to install software, enable notifications, or share contacts, close the page.”
“’Legitimate account security tools are accessed directly through your Google Account at myaccount.google.com.”
