IAMRoadmapIAMRoadmap
INDUSTRY TRENDS

IAM News: Fake Google Security site uses PWA app to steal credentials, MFA codes

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wa

2 min readMarch 4, 2026IAM Roadmap Team

Key Insight

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptoc...

📰 Source: Bleeping Computer

Summary

A phishing campaign has been discovered using a fake Google Account security page to deliver a web-based Progressive Web App (PWA) that steals one-time passcodes, harvests cryptocurrency wallet addresses, and proxies attacker traffic through victims' browsers. This attack takes advantage of users' trust in the Google brand and their willingness to engage with security-related content. The stolen credentials and MFA codes can be used for various malicious activities.

Attack Flow

Clicks on fake link

Downloads PWA

Steals Credentials

Uses MFA Codes

Phishing Email

Fake Google Security Page

PWA App on Victim's Browser

Attacker Accesses Victim's Account

Attacker Performs Malicious Activities

IAM Impact

This attack highlights the importance of educating users about phishing and the dangers of downloading PWAs from untrusted sources. It also emphasizes the need for organizations to implement robust security measures, such as multi-factor authentication (MFA) and password policies, to protect against credential theft. Also, this attack demonstrates the importance of monitoring user behavior and detecting suspicious activity to prevent attackers from using stolen credentials.

Key Takeaways

  • Phishing attacks can be sophisticated: This attack uses a fake Google security page to trick users into downloading a PWA app, demonstrating the creativity and complexity of modern phishing attacks.
  • MFA is not foolproof: Even with MFA in place, attackers can still use stolen one-time passcodes to access user accounts, highlighting the need for additional security measures.
  • User education is crucial: Educating users about phishing and the dangers of downloading PWAs from untrusted sources can help prevent these types of attacks.

Recommendations

  • Implement robust security measures: Organizations should implement robust security measures, such as MFA, password policies, and regular security audits, to protect against credential theft.
  • Monitor user behavior: Organizations should monitor user behavior and detect suspicious activity to prevent attackers from using stolen credentials.
  • Educate users: Educate users about phishing and the dangers of downloading PWAs from untrusted sources to prevent these types of attacks.
Trend Topics
IAM newssecurity newsBleeping Computer
All Articles