A new phishing campaign is using fake Google security checks to steal passwords and other sensitive data from unsuspecting users.
Researchers at Malwarebytes warned that the scam impersonates Google’s account protection system to trick victims into installing a malicious web app.
Once installed, the tool quietly collects your credentials, one-time passwords, and other personal information. The scam starts with a fake Google account security page designed to look real.
Victims must complete security verification steps to secure their accounts. Instead of protecting your account, this process installs malicious Progressive Web Apps (PWAs) through domains designed to appear legitimate, such as google-prism.[.]com.com.
How Fake Google Security Pages Steal Your Data
Progressive web apps are commonly used to make websites behave like installed applications. In this case, attackers exploit this to distribute malicious apps directly through the browser.
After installation, the PWA sends notifications, looks for permissions to access clipboard data and other browser features, and then deploys a service worker that enables push notifications, background tasks, and sensitive data collection.
Researchers say they can steal login credentials, intercept OTPs used for multi-factor authentication, and harvest cryptocurrency wallet addresses. The tool can also access clipboard data, collect GPS location information, and capture other device details.
The attack can also turn the victim’s browser into a proxy that routes the attacker’s traffic. This means that cybercriminals can hide their activities behind user devices while continuing to monitor data from compromised browsers.
The incident highlights a broader trend in cybercrime where even the latest AI tools can be abused, with researchers showing that browsing-assisted chatbots can act as covert relays for malware traffic.
How to stay protected?
Google does not run security checks through arbitrary pop-up pages. If a “security warning” asks you to install software, enable notifications, or share your contacts, close it. Real security tools are only available through your account at myaccount.google.com.
To stay safe, you should pay close attention to security messages and website addresses. Always check the URL before entering your login information and don’t install unknown web apps.
Enabling two-factor authentication and using a password manager can also add extra protection if your credentials are compromised.
Google is also strengthening its defenses against new threats. The company recently discovered a new AI-based malware that can rewrite its own code in real time.
That’s why Chrome is testing Gemini-based anti-fraud protection to automatically flag suspicious websites before users fall prey to phishing attacks.