Google Looker Studio abused in cryptocurrency phishing attacks


Cybercriminals are abusing Google Looker Studio to create counterfeit cryptocurrency phishing websites that phish digital asset holders, leading to account takeovers and financial losses.

Google’s Looker Studio (formerly Data Studio) is an online data conversion tool used for creating customizable reports out of raw data from spreadsheets and other sources, featuring easily digestible elements like charts and graphs.

Check Point researchers have discovered that hackers are exploiting the trusted service of Google Looker Studio to craft cryptocurrency phishing pages.

The cybercriminals embed the URLs of these pages in phishing emails to bypass email security checks due to Looker Studio’s legitimate nature and good reputation.

The phishing emails supposedly originate from Google and include the tech giant’s letterhead, informing the recipient that as part of their participation in the firm’s premium cryptocurrency insights and trading strategies program, they have won roughly 0.75 Bitcoin ($19,200).

The otherwise well-written email urges Gmail users to follow the embedded link to collect their earnings.

Phishing email
Phishing email (Check Point)

Clicking on the URL leads victims to phishing pages that host a Google Slideshow promising cryptocurrency winnings, but on this step, the amount has been raised to 1.35 BTC ($34,700).

Landing page
Landing page (Check Point)

The visitor is requested to enter their crypto wallet login details to receive the amount, and a timer introduces urgency to the whole process and makes it easier to miss obvious signs of fraud.

Timer appears on the intermediate step
Timer appears on the intermediate step
​​​​​​​(Check Point)

Any Google credentials entered on that page are stolen by the cybercriminals, who can then use them to breach other accounts and, potentially, funds from crypto exchanges.

Phishing webpage
Phishing webpage (Check Point)

Check Point says it informed Google of the abuse on August 22, 2023, but it is unclear if the tech giant has taken any actions to block the campaign and prevent similar threats in the future.

Google says users can report malicious content and phishing pages on Google Looker Studio via their reporting tool.

“Looker Studio follows Google’s corporate wide policies for reporting content, and urges all customers to use our reporting tool to report content and product policy violations,” a Google spokesperson told BleepingComputer.

“This will give us the best information on how to address this feedback. We also recommend viewing our safety center for best security tips and tools.”



Source link