Fake Google security page can turn your browser into a spying tool

A caller phishing scam is tricking radical into installing malware by pretending to beryllium a Google information check. The leafage looks convincing and tells you that your Google relationship needs further protection. It walks you done a elemental setup process that appears to fortify your information and support your devices.

If you travel those steps, you whitethorn extremity up installing what looks similar a harmless information tool. In reality, information researchers accidental the leafage installs a malicious web app that tin spy connected your device. It tin bargain login verification codes, ticker what you transcript and paste, way your determination and softly nonstop net postulation done your browser. 

The astir troubling portion is that thing is technically hacked. Instead of exploiting a bundle flaw, attackers simply instrumentality you into granting the permissions they need. Once that happens, your ain browser tin commencement moving for them without you realizing it.

Sign up for my FREE CyberGuy Report. Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide — escaped erstwhile you articulation my CYBERGUY.COM newsletter.

THE #1 GOOGLE SEARCH SCAM EVERYONE FALLS FOR

The fake tract mimics a Google information leafage and urges visitors to implicit a speedy "account protection" setup. (AP Photo/Don Ryan, File)

All astir the fake Google information page

Security researchers astatine Malwarebytes, a cybersecurity company, precocious discovered a phishing website that pretends to beryllium portion of Google's relationship extortion system. The tract uses the domain google-prism[.]com and presents what looks similar a morganatic information leafage asking you to implicit a abbreviated verification process. Visitors are told they should implicit a four-step setup to amended their relationship protection. The leafage explains that these steps volition assistance unafraid your Google relationship and support your devices from threats. During the process, the tract asks you to o.k. respective permissions and instal what it claims is simply a information tool.

The instrumentality it installs is really a Progressive Web App. This benignant of exertion runs done your browser but behaves similar a regular app connected your computer. It opens successful its ain window, tin nonstop notifications and tin tally tasks successful the background. Once installed, the malicious web app tin cod contacts, work accusation you transcript to your clipboard, way GPS determination information and effort to seizure one-time login codes sent to your phone. These codes are commonly utilized erstwhile you motion successful to accounts that usage two-factor authentication.

The fake information leafage whitethorn besides connection an Android companion app described arsenic a "critical information update." Researchers recovered that this app requests 33 permissions, including entree to substance messages, telephone logs, contacts, microphone recordings and accessibility features. Those permissions springiness attackers the quality to work messages, seizure keystrokes, show notifications and support power implicit parts of the device. Even if the Android app is ne'er installed, the web app unsocial tin inactive cod delicate accusation and softly tally enactment done your browser.

How it works and wherefore it matters to you

The scam works due to the fact that it looks similar thing you would usually trust. Many radical expect information alerts from the services they use, particularly erstwhile it comes to protecting email oregon unreality accounts. Attackers instrumentality vantage of that spot by presenting the fake leafage arsenic a adjuvant information feature. When you o.k. the permissions and instal the web app, you are fundamentally giving the attackers entree to definite parts of your device. One of the main things they effort to seizure is one-time passwords. These are the abbreviated codes you person erstwhile logging successful to accounts that necessitate two-factor authentication.

If attackers negociate to seizure those codes portion besides knowing your password, they whitethorn beryllium capable to interruption into your accounts. That could see your email, fiscal services, oregon cryptocurrency wallets, depending connected which accounts you use. The malware besides watches what you transcript and paste. Many radical transcript cryptocurrency wallet addresses earlier sending integer currency, and those addresses tin beryllium invaluable to criminals. The malicious app tin cod that accusation and nonstop it backmost to the attackers.

Another diagnostic allows attackers to way net requests done your browser. This means they tin tally online enactment done your instrumentality truthful it appears to travel from your location network. The app tin besides nonstop notifications that look similar information alerts oregon strategy warnings. When you click those notifications, the app opens again and gains different accidental to seizure accusation specified arsenic login codes oregon clipboard data.

Google says built-in protections tin artifact the threat

After learning astir the phishing campaign, we asked Google astir the malicious tract and whether users are protected.

A Google spokesperson told CyberGuy that respective built-in information systems are designed to halt threats similar this earlier they origin harm.

"We tin corroborate that Safe Browsing successful Chrome warns immoderate idiosyncratic who tries to sojourn this site. Chrome besides shows a confirmation dialog whenever anyone attempts to download an APK. Android users are automatically protected against known versions of this malware by Google Play Protect, which is connected by default connected Android devices with Google Play Services."

Google besides said that its existent monitoring shows nary apps containing this malware are disposable connected the Google Play Store.

ANDROID MALWARE HIDDEN IN FAKE ANTIVIRUS APP

Even if malicious apps are installed from extracurricular authoritative stores, Google says Android devices inactive person an further furniture of protection. Google Play Protect tin pass users oregon artifact apps known to grounds malicious behavior, including apps installed from third-party sources.

However, it is important to enactment that Google Play Protect whitethorn not beryllium enough. Historically, it isn't 100% foolproof astatine removing each known malware from Android devices, which is wherefore we urge further beardown antivirus bundle to observe malicious downloads, suspicious browser enactment and phishing attempts earlier they origin superior damage. It acts arsenic an aboriginal informing strategy that helps artifact unsafe apps and websites earlier they summation entree to your instrumentality oregon your data.

During the process, users are prompted to o.k. permissions and instal what appears to beryllium a information tool. (iStock)

Get my picks for the champion 2026 antivirus extortion winners for your Windows, Mac, Android & iOS devices astatine Cyberguy.com.

7 ways to support yourself from fake information pages

If you ever travel crossed a suspicious "security check" similar this, a fewer elemental habits tin assistance you debar falling into the trap and support your accounts and devices.

1) Never tally information checks from random websites

Google does not inquire you to instal information tools done pop-ups oregon unfamiliar websites. If a leafage claims your relationship needs a information check, adjacent the tab and spell straight to Google's authoritative relationship leafage by typing the code yourself. Visiting the existent relationship settings leafage prevents attackers from redirecting you to a fake site.

2) Check website addresses cautiously earlier trusting them

Phishing pages often usage domains that look akin to existent companies. Attackers trust connected radical clicking rapidly without paying attraction to the code bar. If the website code is not an authoritative Google domain, bash not spot it. Even a tiny alteration successful the spelling tin bespeak a fake tract designed to bargain information.

3) Remove suspicious web apps from your browser

If you installed an app done a website and it opens similar a standalone program, cheque your browser's installed apps oregon extensions list. Remove thing you bash not admit oregon bash not retrieve installing. Uninstalling the app instantly prevents it from collecting much accusation oregon moving commands done your browser.

4) Check your Android telephone for unfamiliar apps

Researchers accidental the malicious Android app whitethorn look arsenic "Security Check" oregon "System Service." If you spot unfamiliar apps with these names, reappraisal the permissions they petition and region them if they look suspicious. Apps asking for extended permissions specified arsenic SMS access, accessibility features, and microphone power should ever beryllium investigated.

5) Use a password manager for your accounts

A password manager helps you make and store strong, unsocial passwords for each relationship you usage online. If attackers get 1 password, they volition not automatically summation entree to different accounts. Password managers tin besides assistance forestall you from entering credentials connected fake sites due to the fact that they usually garbage to auto-fill connected lookalike domains.

Check retired the champion expert-reviewed password managers of 2026 astatine Cyberguy.com

6) Enable two-factor authentication whenever possible

Two-factor authentication (2FA) adds an other furniture of extortion beyond your password. Even though this onslaught tries to seizure SMS verification codes, galore services let you to usage authenticator apps instead. These apps make login codes connected your instrumentality and marque it overmuch harder for attackers to intercept them.

7) Monitor your accounts for antithetic activity

If you deliberation you interacted with a suspicious information page, support a adjacent oculus connected your accounts implicit the pursuing days. Watch for login alerts, password reset emails, oregon transactions you bash not recognize. Acting rapidly aft suspicious enactment tin assistance forestall attackers from gaining afloat power of your accounts.

Pro tip: Reduce however easy scammers tin people you

Scammers often stitchery idiosyncratic details from information broker sites to marque phishing messages look much convincing. A information removal work tin assistance region your idiosyncratic accusation from galore of those databases, reducing the magnitude of accusation criminals tin usage to impersonate companies oregon trade targeted scams. 

Check retired my apical picks for information removal services and get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web by visiting Cyberguy.com

Get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web: Cyberguy.com.

Researchers accidental the malicious web app could cod login codes, clipboard information and different delicate information.  (Felix Zahn/Photothek via Getty Images)

Kurt's cardinal takeaway

Attackers are changing tactics. Instead of breaking into systems done method flaws, they are relying connected convincing information messages that transportation radical to instal tools themselves. All of america trust connected acquainted brands similar Google erstwhile making information decisions, and attackers cognize that. Preventing these scams volition apt necessitate faster enactment against impersonation sites and stronger safeguards astir what web apps are allowed to bash erstwhile installed.

Should companies similar Google beryllium required to automatically artifact lookalike domains that unreal to tally authoritative information checks earlier radical autumn for them? Let america cognize by penning to america astatine Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report. Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide — escaped erstwhile you articulation my CYBERGUY.COM newsletter. 

Copyright 2026 CyberGuy.com.  All rights reserved.