Find notable cyber news and cases, enriched with sources, timelines, and signals.

Fake Google Account security page PWA phishing campaign

Campaign
First reported
Last updated
Happening score
H score 35
1 unique sources, 1 articles

Summary

Hide ▲

A phishing campaign is using a fake Google Account security page and a Progressive Web App (PWA) to steal one-time passcodes, harvest cryptocurrency wallet addresses, and relay attacker traffic through victims’ browsers. The operation matters because it turns the browser into an attack platform for credential theft, session abuse, and network proxying. A companion Android APK extends the same operation with broader permission abuse and persistence.

Related Happenings

Google Play Protect adds warnings and app disabling for compromised SDK abuse

Security Tool/Service
H score11 First: 03.07.2026 12:35 Last: 03.07.2026 12:35 Sources 1

About this happening: **Google Play Protect** was updated in **July 2026** to **warn Android users automatically** and **disable apps** tied to **compromised SDKs**, limiting abuse of consumer devices...

Search for perplexity ai malicious Chrome extension

Malware Activity
H score29 First: 29.06.2026 21:40 Last: 29.06.2026 21:40 Sources 1

About this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...

Google Gemini on Android notification-injection bypass using Fake Context Alignment

Technical Analysis
H score16 First: 03.06.2026 22:11 Last: 03.06.2026 22:11 Sources 1

About this happening: Researchers found a **notification-based prompt-injection bypass** in **Google Gemini on Android** that could turn hostile notification text into **unauthorized assistant actions*...

Google rolls out Android fake call detection against AI impersonation scam calls

Security Tool/Service
H score20 First: 03.06.2026 12:02 Last: 03.06.2026 12:02 Sources 1

About this happening: **Google** is rolling out **fake call detection** on **Android 12 and later** devices this month, giving users a built-in warning when a caller may be using **AI voice-cloning** o...

Openew[.]app cloaked malware download portal

Malware Activity
H score26 First: 29.05.2026 21:21 Last: 29.05.2026 21:21 Sources 1

About this happening: The **openew[.]app** malware-delivery activity now also uses **legitimate ChatGPT shared pages** as the first lure, with **Google ads** and **SEO poisoning** sending victims to a...

Timeline

  1. 02.03.2026 22:23 2 articles · 4mo ago

    Fake Google Account security page PWA phishing campaign disclosed

    Initial Disclosure

    A phishing campaign targeting users uses a fake Google Account security page, a malicious Progressive Web App (PWA), and a companion Android APK to steal one-time passcodes, harvest cryptocurrency wallet addresses, exfiltrate contacts, collect real-time GPS data and clipboard contents, proxy attacker traffic through victims’ browsers, and persist through browser notifications and Android device-admin abuse.

    Show sources