A phishing campaign is using a fake Google Account security page to deliver a Progressive Web App (PWA) capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims’ browsers. The campaign, uncovered by BleepingComputer, targets Google Account users with a spoofed security page that tricks them into installing the malicious PWA.
The fake security page, designed to resemble a legitimate Google Account page, prompts users to enter their login credentials and one-time passcodes, which are then stolen by the attackers. The campaign is particularly concerning because the page looks legitimate, which may lead even cautious users to let their guard down. The attackers are also using the PWA to harvest cryptocurrency wallet addresses, which could be used to steal cryptocurrencies such as $BTC and $ETH.
The use of a PWA in this phishing campaign is significant because it allows the attackers to create a legitimate-looking app that can be installed on a user’s device, making it harder to detect. The PWA can also be used to proxy attacker traffic through the victim’s browser, allowing the attackers to conduct further malicious activities. According to Google, PWAs are designed to provide a seamless and secure user experience, but in this case, they are being used for malicious purposes.
The campaign has sparked concerns about the security of Google Account users and the potential for similar phishing campaigns to target other online services. The incident highlights the importance of being cautious when clicking on links and installing apps, even if they appear to be legitimate. As reported by the Cybersecurity and Infrastructure Security Agency (CISA), phishing campaigns continue to be a major threat to online security, and users must be vigilant to avoid falling victim to these types of attacks.
| Malware Type | Target | Steals |
|---|---|---|
| PWA App | Google Account users | One-time passcodes, cryptocurrency wallet addresses |
As the campaign continues to evolve, it is likely that the attackers will refine their tactics to evade detection and improve the effectiveness of their phishing campaign. The incident serves as a reminder of the importance of implementing robust security measures, such as multi-factor authentication and regular security updates, to protect against these types of threats.
⚡ Why it matters: The phishing campaign using a fake Google Account security page to steal credentials and MFA codes poses a significant threat to online security, and users must be aware of the risks to protect themselves. The incident highlights the importance of being cautious when clicking on links and installing apps, even if they appear to be legitimate.
📊 By the numbers:
- Number of affected users: unknown
- Types of stolen data: one-time passcodes, cryptocurrency wallet addresses
- Potential impact: financial loss, identity theft
🔗 Source: BleepingComputer