This fake Google security verification scam tricks users into installing malware
A new phishing scam tricks people into installing malware by pretending to be a Google security check. The page looks convincing and tells you that your Google Account needs extra protection. It walks you through a seemingly simple setup process that claims to enhance your security and protect your devices.
If you follow these steps, you may end up installing what appears to be a harmless security tool. In fact, security researchers say that the page installs a malicious web application that can spy on your device. It can steal login verification codes, watch what you copy and paste, track your location and quietly send Internet traffic through your browser.
The most disturbing part is that nothing was technically hacked. Instead of exploiting a vulnerability, attackers simply trick you into granting the permissions they need. Once this happens, your browser can start working with them without you even realizing it.
Sign up for my free CyberGuy report. Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide for free when you join my CYBERGUY.COM newsletter.

The fake site mimics Google’s security page and urges visitors to complete a quick “Account Protection” setup. (AP Photo/Don Ryan, File)
All about the fake Google security page
Security researchers at Malwarebytes, a cybersecurity company, recently discovered a phishing website pretending to be part of Google’s account protection system. The site uses the domain google-prism(.)com and presents what looks like a legitimate security page asking you to complete a short verification process.
Visitors are required to complete a four-step setup to better protect their account. The page explains that these steps will help secure your Google account and protect your devices from threats. During the process, the site asks you to agree to several permissions and install what it claims to be a security tool.
The tool it installs is actually a progressive web application. This type of application is delivered through your browser but behaves like a regular application on your computer. It opens in its own window, can send notifications and run tasks in the background.
Once installed, the malicious web app can collect contacts, read information you copy to your clipboard, track GPS location data and attempt to capture one-time login codes sent to your phone. These codes are commonly used when logging into accounts that use two-factor authentication.
The fake security page may also offer an Android companion app described as an “important security update.” The researchers found that this app requested 33 permissions, including access to text messages, call logs, contacts, microphone recordings, and accessibility features.
These permissions give attackers the ability to read messages, capture keystrokes, monitor notifications, and maintain control over parts of the device. Even if the Android app is never installed, the web app alone can still collect sensitive information and quietly trigger activity through your browser.
How it works and why it matters to you
The scam works because it sounds like something you would normally trust. Many people expect security alerts from the services they use, especially when it comes to protecting email or cloud accounts. Attackers exploit this trust by presenting the fake page as a useful security feature. When you agree to the permissions and install the web app, you give attackers access to certain parts of your device. One of the main things they try to catch is one-time passwords. These are the short codes you receive when you log in to accounts that require two-factor authentication.
If attackers can capture these codes while also knowing your password, they may be able to break into your accounts. This could include your email, financial services, or cryptocurrency wallets, depending on the accounts you use. The malware also monitors what you copy and paste. Many people copy cryptocurrency wallet addresses before sending cryptocurrencies, and these addresses can be valuable to criminals. A malicious application can collect that information and send it back to the attackers.
Another feature allows attackers to route Internet requests through your browser. This means they can stream online activity through your device so that it appears to be coming from your home network. The app can also send notifications that are similar to security alerts or system warnings. When you click on those notifications, the app opens again and gets another chance to capture information like login codes or clipboard data.
Google says built-in protections can prevent the threat
After learning about the phishing campaign, we asked Google about the malicious site and whether users were protected.
A Google spokesperson told CyberGuy that many built-in security systems are designed to stop such threats before they can cause harm.
“We can confirm that Safe Browsing in Chrome warns any user trying to visit this site. Chrome also displays a confirmation dialog box when anyone tries to download the APK. Android users are automatically protected from known versions of this malware by Google Play Protect, which is turned on by default on Android devices with Google Play Services.”
Google also said that its current monitoring shows that no apps containing this malware are available on the Google Play Store.
Even if malicious apps are installed from outside the official stores, Google says Android devices still have an extra layer of protection. Google Play Protect can warn users or block apps known to exhibit malicious behavior, including apps installed from third-party sources.
However, it is important to note that Google Play Protect may not be enough. Historically, it has not been 100% reliable at removing all known malware from Android devices, which is why we recommend additional strong antivirus software to detect malicious downloads, suspicious browser activity, and phishing attempts before they can cause serious damage. It acts as an early warning system that helps block dangerous apps and websites before they can access your device or data.

During the process, users are asked to agree to permissions and install what appears to be a security tool. (iStock)
Get my picks for the best antivirus protection winners of 2026 for Windows, Mac, Android, and iOS at Cyberguy.com.
7 ways to protect yourself from fake security pages
If you encounter a suspicious “security scan” like this, some simple habits can help you avoid falling into the trap and protect your accounts and devices.
1) Never run security checks from random websites
Google doesn’t ask you to install security tools through pop-ups or unfamiliar websites. If a page claims that your account needs a security check, close the tab and go directly to the official Google account page by typing in the address yourself. Visiting the real account settings page prevents attackers from redirecting you to a fake site.
2) Check website addresses carefully before trusting them
Phishing pages often use domains that look like those of real companies. Attackers rely on people clicking quickly without paying attention to the address bar. If the website address isn’t an official Google domain, don’t trust it. Even a small change in spelling can indicate a fake site designed to steal information.
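The address check described in this tip, written out as an added example that is not part of the original article: it extracts the host a browser would actually connect to and compares it against an allowlist on a label boundary. The allowlist is an illustrative assumption, not a complete list of Google-owned domains, and every sample address except the google-prism domain reported above is constructed.

```python
from urllib.parse import urlsplit

# Assumption: illustrative allowlist, not a complete list of Google-owned domains.
OFFICIAL_SUFFIXES = ("google.com", "gstatic.com", "googleapis.com")
BRAND = "google"


def host_of(url: str) -> str:
    """Return the lowercase hostname a browser would actually connect to."""
    url = url.replace("(.)", ".").replace("[.]", ".")  # accept defanged indicators
    if "://" not in url:
        url = "https://" + url
    try:
        host = urlsplit(url).hostname or ""  # .hostname drops userinfo and port
    except ValueError:  # malformed address, e.g. a broken IPv6 literal
        return ""
    return host.rstrip(".").lower()


def is_official(host: str) -> bool:
    # Match on a label boundary so "notgoogle.com" and
    # "google.com.something.example" are both rejected.
    return any(host == s or host.endswith("." + s) for s in OFFICIAL_SUFFIXES)


def classify(url: str) -> str:
    host = host_of(url)
    if not host:
        return "invalid"
    if is_official(host):
        return "official"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode"  # possible homoglyph domain, review by hand
    if BRAND in host:
        return "lookalike"  # brand name on a domain that is not allowlisted
    return "other"


# Constructed samples, plus the defanged domain reported in the article.
SAMPLES = [
    "https://myaccount.google.com/security",
    "google-prism(.)com",
    "https://accounts.google.com@google-verify.example/login",
    "https://google.com.security-check.example/",
    "https://xn--ggle-55da.example/",
]


def triage(urls):
    """Map each address to its classification."""
    return {u: classify(u) for u in urls}
```

The third sample shows why the check uses the parsed hostname rather than the visible text: everything before the `@` is userinfo, so the browser connects to the host after it.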
3) Remove suspicious web applications from your browser
If you install an app through a website and it opens as a standalone program, check the applications or extensions installed in your browser. Remove anything you don’t recognize or don’t remember installing. Uninstalling the app immediately prevents it from collecting further information or running commands through your browser.
4) Check your Android phone for unfamiliar apps
Researchers say the malicious Android app may appear as a “security scan” or “system service.” If you see unfamiliar apps with these names, review the permissions they’re asking for and remove them if they look suspicious. Apps that ask for extensive permissions such as SMS access, accessibility features, and microphone control should always be checked.
5) Use a password manager for your accounts
A password manager helps you create and store strong, unique passwords for every account you use online. If attackers get one password, they won’t automatically be able to access other accounts. Password managers can also help prevent you from entering credentials on fake sites because they usually refuse to autofill on lookalike domains.
Check out the best expert-reviewed password managers of 2026 at Cyberguy.com
6) Enable two-factor authentication whenever possible
Two-factor authentication (2FA) adds an extra layer of protection beyond your password. Although this attack attempts to capture verification codes via SMS, many services allow you to use authentication apps instead. These apps generate login codes on your device and make it difficult for attackers to intercept them.
7) Monitor your accounts for any unusual activity
If you think you have interacted with a suspicious security page, monitor your accounts closely over the following days. Keep an eye on login alerts, password reset emails, or transactions you don’t know about. Acting quickly after any suspicious activity can help prevent attackers from taking full control of your accounts.
Pro tip: Reduce how easy it is for scammers to target you
Scammers often collect personal details from data broker sites to make phishing messages appear more convincing. A data removal service can help remove your personal information from many of these databases, reducing the amount of information criminals can use to impersonate companies or craft targeted scams.
Check out my top picks for data removal services and get a free check to see if your personal information really exists on the web by visiting Cyberguy.com

Researchers say the malicious web app can collect login tokens, clipboard data and other sensitive information. (Felix Zhan/Phototec via Getty Images)
Kurt’s key takeaway
Attackers change tactics. Instead of hacking into systems through technical flaws, they rely on compelling security messages that convince people to install the tools themselves. We all rely on familiar brands like Google when making security decisions, and attackers know it. Preventing these scams will likely require faster action against impersonation sites and stronger protections around what web applications are allowed to do once they are installed.
Should companies like Google be required to automatically block similar domains that pretend to perform official security checks before people fall for them? Let us know by writing to us at Cyberguy.com
Copyright 2026 CyberGuy.com. All rights reserved.


