The popular Google Translate service is used as a tool to deploy cyberattacks
Network security and ethical hacking
specialists from the International Institute of Cyber Security reported the
emergence of a phishing
campaign in which attackers use the Google Translate service to extract Google
and Facebook access credentials from their victims.
The cybersecurity specialist known as Larry
Cashdollar discovered that a hacker, or group of hackers, is conducting a new
phishing attack that takes advantage of Google Transalate. This malicious
campaign targets Facebook and Google accounts and, according to the expert, is
much harder to detect when using the mobile version of a browser.
Attackers send phishing emails to potential victims, presenting them as “security alerts” generated by Google to report access to user accounts from an unknown Windows device; after posing the scenario to the victims the email shows a button with the phrase ‘Consulting activity’.
When this button is clicked, the victim is
redirected to a Google Translate session that opens the phishing page, shown as
a Google login page.
The network
security expert stressed that users of the desktop version of the
browser could detect this attack at first glance, as the translator’s bar is
visible on the home screen. However, this is very difficult to detect in mobile
browsers.
“The use of Google Translate has a variety of
purposes, but the main one is that the URL contains a legitimate Google domain,”
mentions the network security specialist. “Although this tactic might be
successful in some cases, especially on mobile devices, it is virtually
impossible for a desktop user not to see the Translator’s toolbar on the home
page,” added Larry Cashdollar.
In successful cases, once the victim enters their
Google credentials on the phishing page, they will be sent to the attacker by
email, thanks to a malicious script. If the attacker receives the user’s Google
accesses, they will perform a second attack trying to get the Facebook access
credentials.
The expert mentions that the design of the
phishing page for Facebook is very poor and is not properly optimized for
mobile devices, so it was very easy to detect the attempted fraud. “Some
attackers pay more attention to details than others; in this case, the scam was
easily detected when checking the page; Still, this does not mean that phishing
is not a risk faced by every day individuals and organizations of all kinds”, concluded
Cashdollar.
Experts recommend paying attention to details
before getting carried away by messages like this. Reviewing the sender, the
URL and the structure of the messages received are simple but helpful measures to
mitigate this kind of risk.
