Cybercriminals Exploit Google Looker Studio for Cryptocurrency Phishing
Introduction
Cybercriminals are taking advantage of Google Looker Studio to create counterfeit cryptocurrency phishing websites. These websites target digital asset holders, leading to account takeovers and financial losses.
About Google Looker Studio
Google Looker Studio, previously known as Data Studio, is an online data conversion tool. It allows users to create customizable reports using raw data from spreadsheets and other sources. The reports feature easily digestible elements like charts and graphs.
The Discovery
Researchers at Check Point have discovered that hackers are exploiting the trusted service of Google Looker Studio to craft cryptocurrency phishing pages. These pages are embedded in phishing emails to bypass email security checks due to Looker Studio’s legitimate nature and good reputation.
The Phishing Emails
The phishing emails appear to originate from Google and include the tech giant’s letterhead. They inform the recipient that they have won approximately 0.75 Bitcoin ($19,200) as part of their participation in the firm’s premium cryptocurrency insights and trading strategies program.
The emails urge Gmail users to follow an embedded link to collect their earnings.
The Phishing Pages
Clicking on the URL in the phishing emails leads victims to phishing pages. These pages host a Google Slideshow promising cryptocurrency winnings. However, on this step, the amount has been raised to 1.35 BTC ($34,700).
The Login Process
Visitors to the phishing pages are requested to enter their crypto wallet login details to receive the promised amount. A timer creates a sense of urgency, making it easier for victims to miss signs of fraud.
The Consequences
Any Google credentials entered on the phishing pages are stolen by the cybercriminals. They can then use these stolen credentials to breach other accounts and potentially access funds from crypto exchanges.
Actions Taken
Check Point informed Google about the abuse on August 22, 2023. However, it is unclear if Google has taken any actions to block the campaign and prevent similar threats in the future.
Google advises users to report malicious content and phishing pages on Google Looker Studio using their reporting tool. They also recommend visiting their safety center for security tips and tools.
“Looker Studio follows Google’s corporate-wide policies for reporting content, and urges all customers to use our reporting tool to report content and product policy violations,” said a Google spokesperson.
