{"id":19540,"date":"2026-03-03T20:13:00","date_gmt":"2026-03-03T20:13:00","guid":{"rendered":"https:\/\/umang.pk\/2026\/03\/03\/this-fake-google-security-check-can-steal-your-password-heres-how-to-stay-safe\/"},"modified":"2026-03-03T20:13:00","modified_gmt":"2026-03-03T20:13:00","slug":"this-fake-google-security-check-can-steal-your-password-heres-how-to-stay-safe","status":"publish","type":"post","link":"https:\/\/umang.pk\/ur\/2026\/03\/03\/this-fake-google-security-check-can-steal-your-password-heres-how-to-stay-safe\/","title":{"rendered":"This fake Google security check can steal your password. Here&#8217;s how to stay safe:"},"content":{"rendered":"<div id=\"dt-post-content\">\n<p>A new phishing campaign is using fake Google security checks to steal passwords and other sensitive data from unsuspecting users.<\/p>\n<p>Researchers at Malwarebytes warned that the scam impersonates Google&#8217;s account protection system to trick victims into installing a malicious web app.<\/p>\n<p>Once installed, the tool quietly collects your credentials, one-time passwords, and other personal information. The scam starts with a fake Google account security page designed to look real.<\/p>\n<figure data-wp-context=\"{\" imageid=\"\" data-wp-interactive=\"core\/image\" class=\"wp-block-image size-large wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"1029\" height=\"832\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/umang.pk\/wp-content\/uploads\/2026\/03\/This-fake-Google-security-check-can-steal-your-password-Heres.jpeg\" alt=\"Phishing-WebApp-Impersonation-Google\" class=\"wp-image-5955498\" title=\"\"><button class=\"lightbox-trigger\" type=\"button\" aria-haspopup=\"dialog\" aria-label=\"Enlarge\" data-wp-init=\"callbacks.initTriggerButton\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-style--right=\"state.imageButtonRight\" data-wp-style--top=\"state.imageButtonTop\"><br \/>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\"\/>\n\t\t\t<\/svg><br \/>\n\t\t<\/button><figcaption id=\"caption-attachment-5955498\" class=\"wp-caption-text\"><span class=\"text\">Fake Google Security Check<\/span> <span class=\"credit\">malwarebytes<\/span><\/figcaption><\/figure>\n<p>Victims must complete security verification steps to secure their accounts. Instead of protecting your account, this process installs malicious Progressive Web Apps (PWAs) through domains designed to appear legitimate, such as google-prism.[.]com.com.<\/p>\n<h2 class=\"wp-block-heading\">How Fake Google Security Pages Steal Your Data<\/h2>\n<p>Progressive web apps are commonly used to make websites behave like installed applications. In this case, attackers exploit this to distribute malicious apps directly through the browser.<\/p>\n<figure data-wp-context=\"{\" imageid=\"\" data-wp-interactive=\"core\/image\" class=\"wp-block-image size-large wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"1385\" height=\"956\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/umang.pk\/wp-content\/uploads\/2026\/03\/1772607044_730_This-fake-Google-security-check-can-steal-your-password-Heres.jpeg\" alt=\"Malicious Google Security Page\" class=\"wp-image-5955497\" title=\"\"><button class=\"lightbox-trigger\" type=\"button\" aria-haspopup=\"dialog\" aria-label=\"Enlarge\" data-wp-init=\"callbacks.initTriggerButton\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-style--right=\"state.imageButtonRight\" data-wp-style--top=\"state.imageButtonTop\"><br \/>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\"\/>\n\t\t\t<\/svg><br \/>\n\t\t<\/button><figcaption id=\"caption-attachment-5955497\" class=\"wp-caption-text\"><span class=\"credit\">malwarebytes<\/span><\/figcaption><\/figure>\n<p>After installation, the PWA sends notifications, looks for permissions to access clipboard data and other browser features, and then deploys a service worker that enables push notifications, background tasks, and sensitive data collection.<\/p>\n<p>Researchers say they can steal login credentials, intercept OTPs used for multi-factor authentication, and harvest cryptocurrency wallet addresses. The tool can also access clipboard data, collect GPS location information, and capture other device details.<\/p>\n<p>The attack can also turn the victim&#8217;s browser into a proxy that routes the attacker&#8217;s traffic. This means that cybercriminals can hide their activities behind user devices while continuing to monitor data from compromised browsers.<\/p>\n<figure data-wp-context=\"{\" imageid=\"\" data-wp-interactive=\"core\/image\" class=\"wp-block-image size-large wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"963\" height=\"692\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/umang.pk\/wp-content\/uploads\/2026\/03\/1772607044_47_This-fake-Google-security-check-can-steal-your-password-Heres.jpeg\" alt=\"Android app installation prompt\" class=\"wp-image-5955499\" title=\"\"><button class=\"lightbox-trigger\" type=\"button\" aria-haspopup=\"dialog\" aria-label=\"Enlarge\" data-wp-init=\"callbacks.initTriggerButton\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-style--right=\"state.imageButtonRight\" data-wp-style--top=\"state.imageButtonTop\"><br \/>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\"\/>\n\t\t\t<\/svg><br \/>\n\t\t<\/button><figcaption id=\"caption-attachment-5955499\" class=\"wp-caption-text\"><span class=\"credit\">malwarebytes<\/span><\/figcaption><\/figure>\n<p>The incident highlights a broader trend in cybercrime where even the latest AI tools can be abused, with researchers showing that browsing-assisted chatbots can act as covert relays for malware traffic.<\/p>\n<h2 class=\"wp-block-heading\">How to stay protected?<\/h2>\n<p>Google does not run security checks through arbitrary pop-up pages. If a \u201csecurity warning\u201d asks you to install software, enable notifications, or share your contacts, close it. Real security tools are only available through your account at myaccount.google.com.<\/p>\n<p>To stay safe, you should pay close attention to security messages and website addresses. Always check the URL before entering your login information and don&#8217;t install unknown web apps.<\/p>\n<p>Enabling two-factor authentication and using a password manager can also add extra protection if your credentials are compromised.<\/p>\n<p>Google is also strengthening its defenses against new threats. The company recently discovered a new AI-based malware that can rewrite its own code in real time.<\/p>\n<p>That&#8217;s why Chrome is testing Gemini-based anti-fraud protection to automatically flag suspicious websites before users fall prey to phishing attacks.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A new phishing campaign is using fake Google security checks to steal passwords and other sensitive data from unsuspecting users. Researchers at Malwarebytes warned that the scam impersonates Google&#8217;s account protection system to trick victims into installing a malicious web app. Once installed, the tool quietly collects your credentials, one-time passwords, and other personal information. [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[3058,5919,49993,49994,9811,47246,49995,49996],"tags":[19047,19947,49988,49990,49989,49991,49992],"class_list":["post-19540","post","type-post","status-publish","format-standard","hentry","category-computing","category-google","category-google-security-check","category-impersonation","category-malware","category-news","category-phishing","category-phishing-site","tag-computing","tag-google","tag-google-security-verification","tag-malware","tag-personification","tag-phishing","tag-phishing-site"],"_links":{"self":[{"href":"https:\/\/umang.pk\/ur\/wp-json\/wp\/v2\/posts\/19540","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/umang.pk\/ur\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/umang.pk\/ur\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/umang.pk\/ur\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/umang.pk\/ur\/wp-json\/wp\/v2\/comments?post=19540"}],"version-history":[{"count":0,"href":"https:\/\/umang.pk\/ur\/wp-json\/wp\/v2\/posts\/19540\/revisions"}],"wp:attachment":[{"href":"https:\/\/umang.pk\/ur\/wp-json\/wp\/v2\/media?parent=19540"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/umang.pk\/ur\/wp-json\/wp\/v2\/categories?post=19540"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/umang.pk\/ur\/wp-json\/wp\/v2\/tags?post=19540"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}