**Hacker Pranks**

**Fake Google Security Page Exposes Users to Malware**

A recent phishing scam has been making waves, with attackers using a convincing fake Google security page to trick users into installing malware on their devices. The malicious website, which mimics the look and feel of a genuine Google account protection system, prompts visitors to complete a four-step setup process that appears to strengthen their security. However, this "security check" is actually designed to install a Progressive Web App (PWA) that can collect sensitive information, including login verification codes, clipboard data, and GPS location.

**The Scam Works**

Researchers at Malwarebytes discovered the phishing website, which uses the domain google-prism[.]com. The site's design and language are so convincing that many users may fall for it, especially those who trust security alerts from companies like Google. Once a user grants the necessary permissions and installs the PWA, their browser becomes a spying tool, capable of running tasks in the background and sending notifications.

**The Risks**

If attackers manage to capture one-time passwords, they can gain access to users' accounts, including email, financial services, and cryptocurrency wallets. The malware also watches what users copy and paste, potentially capturing valuable information such as cryptocurrency wallet addresses. Furthermore, the app can route internet requests through the user's browser, making it appear as though online activity is coming from their home network.

**Google's Response**

When asked about the phishing campaign, a Google spokesperson stated that several built-in security systems are designed to stop threats like this before they cause harm. These include Safe Browsing in Chrome, which warns users trying to visit the malicious site, and Android devices' Google Play Protect, which blocks known versions of the malware. However, it's essential to note that these protections may not be foolproof.

**Protecting Yourself**

To avoid falling victim to this scam, follow these 7 simple habits:

1. **Never run security checks from random websites**: If a page claims your account needs a security check, close the tab and go directly to Google's official account page. 2. **Check website addresses carefully**: Phishing pages often use domains that look similar to real companies. Be cautious of small changes in spelling or punctuation. 3. **Remove suspicious web apps from your browser**: Uninstall any unfamiliar apps or extensions to prevent further data collection. 4. **Check your Android phone for unfamiliar apps**: Review permissions requested by new apps, and remove those with excessive access. 5. **Use a password manager**: Create unique passwords for each account, making it harder for attackers to gain control of multiple accounts. 6. **Enable two-factor authentication**: Add an extra layer of protection beyond passwords, using authenticator apps or other methods. 7. **Monitor your accounts for unusual activity**: Keep a close eye on login alerts, password reset emails, and transactions you don't recognize.

**Conclusion**

Attackers are evolving their tactics, relying on convincing security messages to persuade users into installing tools themselves. By being aware of these scams and taking steps to protect yourself, you can avoid becoming the next victim. Stay vigilant, and remember: when in doubt, close the tab and verify the authenticity of any "security check" through Google's official channels.

**Additional Resources**

* Get my picks for the best 2026 antivirus protection winners at Cyberguy.com. * Check out my top picks for data removal services to reduce your personal information's availability on data broker sites. * Sign up for my FREE CyberGuy Report and get instant access to my Ultimate Scam Survival Guide.

**Share Your Thoughts**

Should companies like Google be required to automatically block lookalike domains that pretend to run official security checks? Let me know by writing to us at Cyberguy.com.