This new phishing campaign uses a fake Google Account security page to steal passcodes and more

• Attackers are abusing Progressive Web Apps (PWAs) on Android
• Victims lured via phishing site google-prism[dot]com into installing malicious PWA
• PWA harvests clipboard, crypto wallets, OTPs, GPS, and more

Threat actors have begun turning to Progressive Web Apps (PWA) to do their evil bidding on Android, stealing login credentials, cryptocurrency wallet data, GPS information, and more, experts have warned.

Security researchers from Malwarebytes recently detailed one such campaign they spotted in the wild, starting with a phishing email, luring people to a fake Google site google-prism[dot]com.

Under the pretense of enhanced security, the victims are walked through a four-step “security” check that includes installing a malicious PWA.