Phishing Campaign Exploits Fake Google Security Page with PWA for Credential Theft
Attackers are using a fake Google Account security page to deliver a Progressive Web App (PWA) that steals credentials and MFA codes and proxies traffic through victims' browsers. The campaign poses a significant risk because it can bypass multi-factor authentication.
Affected
The phishing campaign uses a fake Google security page to distribute a malicious PWA. The app steals sensitive information such as credentials and one-time passcodes, undermining the security of MFA. The use of a PWA adds sophistication, allowing persistent access and traffic routing. Attackers target Google users directly, exploiting trust in a well-known brand. Defenders should warn users about suspicious login pages, enforce HTTPS, and monitor for unusual activity. The campaign highlights the need for improved user education and detection mechanisms against such advanced phishing tactics.
Sources