Fake Google Meet update lets hackers control your Windows PCs

You mightiness deliberation the biggest information online is downloading a microorganism oregon giving distant your password. But a caller phishing instrumentality shows however attackers tin instrumentality power of your machine without either of those things happening. 

Security researchers precocious uncovered a fake Google Meet update leafage that looks convincing capable to fool galore people. All it takes is 1 click connected a fastener that says "Update now."  Instead of installing an update, you tin beryllium tricked into enrolling your Windows machine successful a distant absorption strategy controlled by attackers.

Sign up for my FREE CyberGuy Report
Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide – escaped erstwhile you articulation my CYBERGUY.COM newsletter.

TECH GIANTS UNITE TO FIGHT ONLINE SCAMS
 

A fake Google Meet update leafage tin instrumentality Windows users into handing attackers distant power of their computers done a built-in instrumentality enrollment feature. (pocketlight/Getty Images)

All you request to cognize astir the fake Google Meet update

Researchers astatine Malwarebytes, a cybersecurity institution that develops bundle to observe and region malware, discovered a phishing website designed to look similar an authoritative update announcement for Google Meet. The leafage tells visitors they request to instal the latest mentation of Meet to proceed utilizing the service. The plan uses acquainted colors and branding that galore of america subordinate with Google products.

When idiosyncratic clicks the "Update now" button, it does not download an update astatine all. Instead, it triggers a built-in Windows diagnostic utilizing a peculiar instrumentality enrollment nexus that opens a existent strategy model called "Set up a enactment oregon schoolhouse account." This model usually appears erstwhile a company's IT section sets up a laptop for an employee.

In this scam, the setup model is already filled with accusation that connects the machine to a distant absorption server controlled by the attacker. The strategy points to an online absorption work hosted connected Esper, which is simply a morganatic level utilized by businesses to negociate institution devices.

If the unfortunate clicks done the setup process, his machine becomes enrolled successful what is called a mobile instrumentality absorption system. That gives whoever controls the server the aforesaid level of power a company's IT section would person implicit a enactment laptop.

Security researchers accidental the attackers are not expecting everyone to implicit the process. Even if lone a tiny fig of radical click done the prompts, that tin inactive springiness them entree to capable computers to marque the run worthwhile.

How it works and wherefore it matters to you

This onslaught works by abusing a morganatic Windows diagnostic alternatively than installing malware. Windows includes thing called instrumentality enrollment, which lets companies link worker computers to a absorption system. Once a instrumentality is enrolled, administrators tin remotely power galore aspects of that machine.

In a mean workplace setting, this helps IT teams instal institution software, enforce information settings and negociate devices. Attackers realized they could instrumentality radical into joining their ain absorption strategy instead. When you click the fake update button, Windows launches a built-in enrollment process. Because it is simply a existent strategy diagnostic and not a fake pop-up, it looks morganatic and tin bypass galore information warnings.

If you implicit the steps, the attacker efficaciously becomes the head of your computer. That could let the hacker to silently instal software, alteration strategy settings, presumption files stored connected your computer, fastener your surface oregon adjacent hitch the instrumentality entirely. In immoderate cases, the hacker could besides instal further malware later. What makes this onslaught particularly tricky is that accepted antivirus tools whitethorn not observe thing incorrect due to the fact that the operating strategy itself is performing the actions.

We reached retired to Google for comment, and a spokesperson provided the pursuing statement: "These 'update now' prompts are not morganatic Google communications. This is simply a phishing run that attempts to instrumentality users into a Windows instrumentality enrollment process. Google Meet updates are handled automatically done your browser oregon the authoritative app. Google volition ne'er punctual you to sojourn a third-party tract to enroll a idiosyncratic instrumentality to person an update." 

FAKE GOOGLE SECURITY PAGE CAN TURN YOUR BROWSER INTO A SPYING TOOL
 

Instead of downloading malware, victims who click done a fake update leafage whitethorn unknowingly springiness attackers administrator-level entree to their Windows devices. (Beata Zawrzel/NurPhoto via Getty Images)

7 ways to support yourself from the fake Google Meet update

If you ever spot a connection saying you indispensable update a work earlier continuing, dilatory down and verify it first. A fewer elemental habits tin forestall attacks similar this from working.

1) Be skeptical of unexpected update prompts

If a website abruptly tells you that a work similar Google Meet needs an update earlier you tin continue, intermission for a moment. Major platforms seldom unit updates done random web pages. Google Meet updates hap automatically done your browser oregon authoritative app and ne'er necessitate visiting a third-party site. Always cheque the URL bar. Legitimate Google Meet sessions lone tally on meet.google.com. A existent update volition ne'er effort to enroll your full machine oregon trigger system-level setup screens. If it does, it is simply a scam. Instead, unfastened the work straight from its authoritative website oregon app and cheque for updates there.

2) Check if your instrumentality was enrolled without your knowledge

On a Windows computer, unfastened Settings, past spell to Accounts and look for "Access enactment oregon school." If you spot an unfamiliar relationship oregon enactment listed, particularly 1 you bash not recognize, disconnect it immediately. This conception shows whether your instrumentality has been enrolled successful a distant absorption system.

3) Reduce your vulnerability with a information removal service

Cybercriminals often trust connected idiosyncratic accusation recovered online to marque phishing attacks much convincing. Data removal services assistance region your accusation from information broker sites, reducing the chances that scammers tin people you with personalized attacks. While it volition not halt this circumstantial trick, it tin marque you a harder people overall. Check retired my apical picks for information removal services and get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web by visiting Cyberguy.com.

4) Use beardown antivirus software

Google says Gmail's AI protections artifact much than 99.9% of spam, phishing and malware, but scams tin inactive scope you done hunt results, ads oregon links shared extracurricular your inbox. That's wherefore utilizing beardown antivirus bundle with real-time extortion tin assistance observe suspicious behaviour that whitethorn look aft an attacker gains power of a device. Even though this onslaught uses morganatic Windows features, information tools tin inactive place antithetic strategy changes oregon malicious bundle installed afterward. Get my picks for the champion 2026 antivirus extortion winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

DARKSWORD LEAK PUTS MILLIONS OF IPHONE USERS AT RISK
 

Security researchers uncovered a phishing scam that uses a fake Google Meet update punctual to enroll idiosyncratic computers into attacker-controlled distant absorption systems. (400tmax/Getty Images)

5) Keep Windows and your browser updated

Software updates often see information protections that assistance artifact caller onslaught methods. Running the latest mentation of Windows and your web browser reduces the chances of attackers exploiting older strategy behaviors oregon vulnerabilities.

6) Use a password manager

A password manager lone autofills your login details astatine the close website address. If you onshore connected a phishing leafage pretending to beryllium a work similar Google Meet, your password manager volition not capable successful your information. That informing unsocial tin assistance you recognize thing is incorrect earlier you click anything. It besides encourages you to trust connected saved logins alternatively of interacting with suspicious update prompts. Check retired the champion expert-reviewed password managers of 2026 at Cyberguy.com.

7) Never implicit strategy setup prompts you didn't start

If a Windows strategy model abruptly appears asking you to acceptable up a enactment oregon schoolhouse account, halt immediately. Legitimate setup prompts typically look erstwhile you are configuring a instrumentality oregon pursuing instructions from your employer, not from clicking a random website. If you did not expect it, adjacent the window.

Kurt's cardinal takeaway

Cybercrime is changing by the minute. Instead of penning evident viruses, attackers are progressively abusing morganatic features built into operating systems and unreality services. In this case, some Windows instrumentality enrollment and the absorption level being utilized are existent tools designed for businesses. The attackers simply redirected those tools toward radical who ne'er intended to manus implicit power of their computers. That should archer you however easy almighty endeavor features tin beryllium repurposed for attacks erstwhile determination are fewer safeguards preventing misuse.

Should operating systems artifact instrumentality enrollment requests that travel from random websites? Let america cognize by penning to america at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report
Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide – escaped erstwhile you articulation my CYBERGUY.COM newsletter.

Copyright 2026 CyberGuy.com. All rights reserved.