Fake Google security page can turn your browser into a spying tool

A caller phishing scam is tricking group into installing malware by pretending to beryllium a Google information check. The page looks convincing and tells you that your Google relationship needs further protection. It walks you done a elemental setup process that appears to fortify your information and protect your devices.

If you travel those steps, you whitethorn extremity up installing what looks for illustration a harmless information tool. In reality, information researchers opportunity nan page installs a malicious web app that tin spy connected your device. It tin bargain login verification codes, watch what you transcript and paste, way your location and softly nonstop net postulation done your browser. 

The astir troubling portion is that thing is technically hacked. Instead of exploiting a package flaw, attackers simply instrumentality you into granting nan permissions they need. Once that happens, your ain browser tin commencement moving for them without you realizing it.

Sign up for my FREE CyberGuy Report. Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide — free erstwhile you subordinate my CYBERGUY.COM newsletter.

THE #1 GOOGLE SEARCH SCAM EVERYONE FALLS FOR

The clone tract mimics a Google information page and urges visitors to complete a speedy "account protection" setup. (AP Photo/Don Ryan, File)

All astir nan clone Google information page

Security researchers astatine Malwarebytes, a cybersecurity company, precocious discovered a phishing website that pretends to beryllium portion of Google's relationship protection system. The tract uses nan domain google-prism[.]com and presents what looks for illustration a morganatic information page asking you to complete a short verification process. Visitors are told they should complete a four-step setup to amended their relationship protection. The page explains that these steps will thief secure your Google account and protect your devices from threats. During nan process, nan tract asks you to o.k. respective permissions and instal what it claims is simply a information tool.

The instrumentality it installs is really a Progressive Web App. This type of exertion runs done your browser but behaves for illustration a regular app connected your computer. It opens successful its ain window, tin nonstop notifications and tin tally tasks successful nan background. Once installed, nan malicious web app tin cod contacts, publication accusation you transcript to your clipboard, way GPS location information and effort to seizure one-time login codes sent to your phone. These codes are commonly utilized erstwhile you motion successful to accounts that usage two-factor authentication.

The clone information page whitethorn besides connection an Android companion app described arsenic a "critical information update." Researchers recovered that this app requests 33 permissions, including entree to matter messages, telephone logs, contacts, microphone recordings and accessibility features. Those permissions springiness attackers nan expertise to publication messages, seizure keystrokes, show notifications and support power complete parts of nan device. Even if nan Android app is ne'er installed, nan web app unsocial tin still cod delicate accusation and softly tally activity done your browser.

How it useful and why it matters to you

The scam useful because it looks for illustration thing you would usually trust. Many group expect information alerts from nan services they use, particularly erstwhile it comes to protecting email aliases unreality accounts. Attackers return advantage of that spot by presenting nan clone page arsenic a adjuvant information feature. When you o.k. nan permissions and instal nan web app, you are fundamentally giving nan attackers entree to definite parts of your device. One of nan main things they effort to seizure is one-time passwords. These are nan short codes you person erstwhile logging successful to accounts that require two-factor authentication.

If attackers negociate to seizure those codes while besides knowing your password, they whitethorn beryllium capable to break into your accounts. That could see your email, financial services, aliases cryptocurrency wallets, depending connected which accounts you use. The malware besides watches what you transcript and paste. Many group transcript cryptocurrency wallet addresses earlier sending integer currency, and those addresses tin beryllium valuable to criminals. The malicious app tin cod that accusation and nonstop it backmost to nan attackers.

Another characteristic allows attackers to way net requests done your browser. This intends they tin tally online activity done your instrumentality truthful it appears to travel from your location network. The app tin besides nonstop notifications that look for illustration information alerts aliases strategy warnings. When you click those notifications, nan app opens again and gains different opportunity to seizure accusation specified arsenic login codes aliases clipboard data.

Google says built-in protections tin artifact nan threat

After learning astir nan phishing campaign, we asked Google astir nan malicious tract and whether users are protected.

A Google spokesperson told CyberGuy that respective built-in information systems are designed to extremity threats for illustration this earlier they origin harm.

"We tin corroborate that Safe Browsing successful Chrome warns immoderate personification who tries to sojourn this site. Chrome besides shows a confirmation dialog whenever anyone attempts to download an APK. Android users are automatically protected against known versions of this malware by Google Play Protect, which is connected by default connected Android devices pinch Google Play Services."

Google besides said that its existent monitoring shows nary apps containing this malware are disposable connected nan Google Play Store.

ANDROID MALWARE HIDDEN IN FAKE ANTIVIRUS APP

Even if malicious apps are installed from extracurricular charismatic stores, Google says Android devices still person an further furniture of protection. Google Play Protect tin pass users aliases artifact apps known to grounds malicious behavior, including apps installed from third-party sources.

However, it is important to statement that Google Play Protect whitethorn not beryllium enough. Historically, it isn't 100% foolproof astatine removing each known malware from Android devices, which is why we urge further beardown antivirus package to observe malicious downloads, suspicious browser activity and phishing attempts earlier they origin superior damage. It acts arsenic an early informing strategy that helps artifact vulnerable apps and websites earlier they summation entree to your instrumentality aliases your data.

During nan process, users are prompted to o.k. permissions and instal what appears to beryllium a information tool. (iStock)

Get my picks for nan champion 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices astatine Cyberguy.com.

7 ways to protect yourself from clone information pages

If you ever travel crossed a suspicious "security check" for illustration this, a fewer elemental habits tin thief you debar falling into nan trap and protect your accounts and devices.

1) Never tally information checks from random websites

Google does not inquire you to instal information devices done pop-ups aliases unfamiliar websites. If a page claims your relationship needs a information check, adjacent nan tab and spell straight to Google's charismatic relationship page by typing nan reside yourself. Visiting nan existent relationship settings page prevents attackers from redirecting you to a clone site.

2) Check website addresses cautiously earlier trusting them

Phishing pages often usage domains that look akin to existent companies. Attackers trust connected group clicking quickly without paying attraction to nan reside bar. If nan website reside is not an charismatic Google domain, do not spot it. Even a mini alteration successful nan pronunciation tin bespeak a clone tract designed to bargain information.

3) Remove suspicious web apps from your browser

If you installed an app done a website and it opens for illustration a standalone program, cheque your browser's installed apps aliases extensions list. Remove thing you do not admit aliases do not retrieve installing. Uninstalling nan app instantly prevents it from collecting much accusation aliases moving commands done your browser.

4) Check your Android telephone for unfamiliar apps

Researchers opportunity nan malicious Android app whitethorn look arsenic "Security Check" aliases "System Service." If you spot unfamiliar apps pinch these names, reappraisal nan permissions they petition and region them if they look suspicious. Apps asking for extended permissions specified arsenic SMS access, accessibility features, and microphone power should ever beryllium investigated.

5) Use a password head for your accounts

A password head helps you create and shop strong, unsocial passwords for each relationship you usage online. If attackers get 1 password, they will not automatically summation entree to different accounts. Password managers tin besides thief forestall you from entering credentials connected clone sites because they usually garbage to auto-fill connected lookalike domains.

Check retired nan champion expert-reviewed password managers of 2026 astatine Cyberguy.com

6) Enable two-factor authentication whenever possible

Two-factor authentication (2FA) adds an other furniture of protection beyond your password. Even though this onslaught tries to seizure SMS verification codes, galore services let you to usage authenticator apps instead. These apps make login codes connected your instrumentality and make it overmuch harder for attackers to intercept them.

7) Monitor your accounts for different activity

If you deliberation you interacted pinch a suspicious information page, support a adjacent oculus connected your accounts complete nan pursuing days. Watch for login alerts, password reset emails, aliases transactions you do not recognize. Acting quickly aft suspicious activity tin thief forestall attackers from gaining afloat power of your accounts.

Pro tip: Reduce really easy scammers tin target you

Scammers often stitchery individual specifications from information agent sites to make phishing messages look much convincing. A data removal service tin thief region your individual accusation from galore of those databases, reducing nan magnitude of accusation criminals tin usage to impersonate companies aliases trade targeted scams. 

Check retired my apical picks for information removal services and get a free scan to find retired if your individual accusation is already retired connected nan web by visiting Cyberguy.com

Get a free scan to find retired if your individual accusation is already retired connected nan web: Cyberguy.com.

Researchers opportunity nan malicious web app could cod login codes, clipboard information and different delicate information.  (Felix Zahn/Photothek via Getty Images)

Kurt's cardinal takeaway

Attackers are changing tactics. Instead of breaking into systems done method flaws, they are relying connected convincing information messages that seduce group to instal devices themselves. All of america trust connected acquainted brands for illustration Google erstwhile making information decisions, and attackers cognize that. Preventing these scams will apt require faster action against impersonation sites and stronger safeguards astir what web apps are allowed to do erstwhile installed.

Should companies for illustration Google beryllium required to automatically artifact lookalike domains that dress to tally charismatic information checks earlier group autumn for them? Let america cognize by penning to america astatine Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report. Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide — free erstwhile you subordinate my CYBERGUY.COM newsletter. 

Copyright 2026 CyberGuy.com.  All authorities reserved.