Edge users are being exploited by a fake Google security check

There’s a new phishing security vulnerability going around, and despite being tied to a fake Google Account page, it’s affecting a wide variety of web browsers and devices, including Microsoft Edge, PCs, and phones.
Found by Malwarebytes (with PCGamer), bad actors use a Google Account security verification page that looks like a standard security check to deliver what is called “one of the most fully-installed browser-based monitoring tools. [Malwarebytes] see them in the wild.”
Disabling a malicious PWA does not eliminate the vulnerability
Assuming the user falls for the trick and installs the PWA, disabling it does not eliminate the vulnerability.
When the app is open, it can read clipboards to try to find passwords and wallet addresses, capturing the SMS codes used for authentication at the same time. If the application is closed, this component does not work. However, the “service worker” is always active. Here’s how Malwarebytes describes it:
It sits at the bottom of the page, handles push notifications, runs background tasks embedded in the push payload, and queues stolen data when the device is offline, then clears that queue when connectivity is restored. It includes background event handlers and some synchronization sessions, allowing it to trigger and execute operations where those features are supported and registered.
Malwarebytes
So, while you can stop the clipboard and SMS data collection by closing the PWA, the service worker continues to run. With the right notification permissions, it can wake up, push new tasks, and trigger data uploads.
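The sketch below is an added example, not code from Malwarebytes or the original article: it audits the service workers registered for the current origin, reports the background capabilities described above (push subscription, sync tags), and can remove them. Function names are illustrative, and it assumes it is run from the DevTools console on the suspect site, since a page can only see its own origin's registrations.

```javascript
// Added example (illustrative names). Browser usage, from the DevTools console:
//   auditServiceWorkers(navigator, Notification.permission).then(console.table)

// Pure scoring step: which background capabilities does a registration hold?
function assessRegistration(info) {
  const findings = [];
  if (info.hasPushSubscription) findings.push("push subscription present");
  if (info.syncTags.length) findings.push("background sync: " + info.syncTags.join(", "));
  if (info.periodicSyncTags.length) findings.push("periodic sync: " + info.periodicSyncTags.join(", "));
  // Per the article, push can wake the worker only with notification permission.
  const canWake = info.hasPushSubscription && info.notificationPermission === "granted";
  return { scope: info.scope, scriptURL: info.scriptURL, findings, canWake };
}

// Sync managers are not available in every browser; a missing one means "no tags".
async function tagsOf(manager) {
  if (!manager || typeof manager.getTags !== "function") return [];
  try { return await manager.getTags(); } catch { return []; }
}

// Collector: reads live state from a navigator-like object (injectable for tests).
async function auditServiceWorkers(nav, notificationPermission) {
  if (!nav || !nav.serviceWorker) return [];
  const results = [];
  for (const reg of await nav.serviceWorker.getRegistrations()) {
    const worker = reg.active || reg.waiting || reg.installing;
    const sub = reg.pushManager ? await reg.pushManager.getSubscription() : null;
    results.push(assessRegistration({
      scope: reg.scope,
      scriptURL: worker ? worker.scriptURL : "(none)",
      hasPushSubscription: sub !== null,
      syncTags: await tagsOf(reg.sync),
      periodicSyncTags: await tagsOf(reg.periodicSync),
      notificationPermission,
    }));
  }
  return results;
}

// Cleanup: drop each push subscription, then unregister the worker itself.
async function removeServiceWorkers(nav) {
  let removed = 0;
  for (const reg of await nav.serviceWorker.getRegistrations()) {
    const sub = reg.pushManager ? await reg.pushManager.getSubscription() : null;
    if (sub) await sub.unsubscribe();
    if (await reg.unregister()) removed++;
  }
  return removed;
}
```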
Bad actors can use your browser as if it were their own
The vulnerability goes from bad to worse, as Malwarebytes explains how bad actors can make it look like their web traffic is coming from your browser on your IP address.
This is achieved by connecting to a WebSocket relay with the installed malware acting as a proxy. Not only is this a scary prospect in terms of fraud or conspiracy, but it can also compromise corporate networks.
How to check if your Windows PC is vulnerable
Malwarebytes lays out the necessary steps to check if your Android, macOS, iOS, and Windows devices are compromised, with steps to help you remove malicious PWAs.
I recommend that you run through the steps as soon as possible, even if you don’t remember entering anything related to the Google Security Alert. Better to be safe than sorry.
What do you think about the browser vulnerability affecting Edge users?
Have you been affected by this new type of malware detected by Malwarebytes? Are you concerned about how malware evolves so it doesn’t need a bug or exploit? Let me know in the comments section!