Fake security tool targets 1.8 bln Gmail users in new phishing scam: report
A new phishing campaign targeting users of Gmail is using a counterfeit security tool to harvest sensitive information, according to cybersecurity researchers cited in a recent report by the Daily Mail.
Researchers at Malwarebytes Labs said the scam involves a malicious website designed to closely resemble Google’s official account security interface. The site presents users with a four-step process that appears to enhance account protection but is instead intended to collect personal data that can be used to access email accounts and other services.
The attackers are directing potential victims to the fraudulent page through phishing emails, text messages and pop-up alerts that claim a user’s account requires urgent verification. Once on the site, users are prompted to install what appears to be a legitimate security application.
According to the researchers, the tool is installed as a progressive web application, which can mimic the appearance of a native app and remove visible browser indicators such as the address bar. This, they said, makes it more difficult for users to recognise that they are interacting with a malicious site.
The process then asks users to enable notifications, share contact lists and grant access to their device’s location data. While presented as security measures, these permissions allow attackers to gather detailed personal information, including contacts and precise location data such as latitude, movement and speed.
Researchers said the tool can also intercept one-time verification codes used for two-factor authentication, a common security feature for logging into accounts. In some cases, additional malicious software may be installed to record keystrokes, potentially capturing usernames, passwords and other sensitive inputs.
Malwarebytes Labs warned that the attack could allow cybercriminals to route web activity through a victim’s device, effectively using it as a proxy to access online services as if they were the legitimate user.
According to the report, the researchers emphasised that Google does not conduct account security checks through unsolicited pop-ups or requests to install external software. They advised users to avoid interacting with unexpected security alerts and to access account protection tools directly through official channels.