Fake Google Security site uses PWA app to steal credentials, MFA codes
Summary
A phishing campaign is impersonating Google's security page by leveraging Progressive Web Apps (PWAs) to steal user credentials and multi-factor authentication (MFA) codes. The fake site also aims to harvest cryptocurrency wallet addresses and can proxy attacker traffic through compromised browsers.
IFF Assessment
This campaign represents a sophisticated phishing attack that bypasses some traditional security measures and directly targets sensitive user credentials and MFA codes, making it difficult for defenders to prevent.
Defender Context
Defenders should be aware that attackers are leveraging PWAs for phishing, an evolving technique that can bypass traditional URL-based filtering. Educating users to scrutinize website origins, even when they appear legitimate or familiar, is crucial, especially for critical services like account security portals.