Google sending warning to users of possible phishing, malware attack

Google's cybercrime fighting team Threat Analysis Group (TAG) has recorded a massive spike in government-backed phishing and malware attacks on private individuals.

TAG saw a jump of 33 per cent increase in cyber threats compared to the previous year (2020) and the team sent more than 50,000 warning to private individuals.

The attacks are said to be carried out majorly by Russian government-backed APT28 ( aka Fancy Bear) and Iran-based APT35. In total, TAG has identified and is tracking more than 270 targeted or government-backed attacker groups from more than 50 countries.

The newly released report says hackers are primarily targeting those in the field of human rights activism, journalism, national security, Non-Government Organisations (NGOs), and academia.

The most recent attack by APT35 was against a prominent UK university. It illegally altered the college website to host a phishing kit. It planned to harvest credentials of the people's email platforms such as Gmail, Hotmail, and Yahoo. Potential victims were instructed to activate an invitation to a (fake) webinar by logging in. The phishing kit also asked for second-factor authentication codes sent to devices, TAG noted.

Apparently, the same APT35 had even attempted to infiltrate into Android phones in July 2021. The team had submitted a Virtual Personal Network (VPN) mobile app (shown below) for approval to enter Google Play Stor. The latter's robust screening process successfully detected the hidden spyware and blocked it from entering the Android ecosystem.

"We warn users when we suspect a government-backed threat like APT35 is targeting them. Thousands of these warnings are sent every month, even in cases where the corresponding attack is blocked. If you receive a warning it does not mean your account has been compromised, it means you have been identified as a target. Workspace administrators are also notified regarding targeted accounts in their domain," Google Threat Analysis Group said.

Both private individuals and corporate companies are advised to join Advanced Protection Program or enabling two-factor authentication to protect their online accounts from cybercriminals.

Besides tracking threat actors, the search engine is also improving online security with the Google Safe Browsing initiative. With this, Google will warn users when the latter ventures to compromised websites and pages. Its security systems detect over 40 billion pages of spam, which Google blocks from appearing in the Search results.

Read more | Google Search app gets new privacy features

Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.