Hackers are weaponizing Google Translate to hide phishing websites

Cyber-criminals have a variety of tools at their disposal, and it now looks like they’ve added Google Translate to their box of tricks.

Akamai security researcher Larry Cashdollar received a suspicious email last month (h/t: ZDNet), claiming someone logged into his Google account from a Windows machine.

One look at the sender’s address revealed that it was fake (coming from a Hotmail address). But clicking the “consult the activity” button revealed that the attacker was loading the malicious URL through Google Translate.

A phishing email that uses Google Translate. Akamai

“Using Google Translate does a number of things; it fills the URL (address) bar with lots of random text, but the most important thing visually is that the victim sees a legitimate Google domain. In some cases, this trick will help the criminal bypass endpoint defenses,” Cashdollar wrote on the Akamai blog.

A phishing website using Google Translate. Akamai

Fortunately, a desktop browser clearly shows the Google Translate toolbar (seen above), along with the real URL being used by the sender. But the security researcher says the attack seems more convincing on a smartphone, owing to the simplified formatting used on smaller screens.

The researcher also found that the attackers were greedy, loading up a bogus Facebook login page after a victim entered their Google credentials. It’s a pretty sloppy move, as the fake page appears to use Facebook’s old visual stylings, and there doesn’t appear to be a proper segue between the two attacks.

In any event, you might want to double-check that you’re on a proper Google page rather than Google Translate when receiving future login alerts.
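A defender-side version of that double-check, added here as an example and not taken from Akamai's write-up: it unwraps a link proxied through Google Translate and reports the host the reader would actually reach. The `u=` wrapper format, the `EXPECTED_HOSTS` allow-list and the sample links are assumptions or constructed values.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: wrapped links look like
#   https://translate.google.<tld>/translate?sl=..&tl=..&u=<real destination>
TRANSLATE_HOST = re.compile(r"translate\.google\.(com|[a-z]{2}|com?\.[a-z]{2})")
# Assumed allow-list of hosts a genuine Google sign-in alert links to.
EXPECTED_HOSTS = {"accounts.google.com", "myaccount.google.com"}
HAS_SCHEME = re.compile(r"[A-Za-z][A-Za-z0-9+.\-]*://")


def host_of(url):
    """Lower-cased hostname; scheme-less values are treated as http://."""
    if not HAS_SCHEME.match(url):
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def unwrap_translate(url):
    """Return the destination proxied through Google Translate, else None."""
    if not TRANSLATE_HOST.fullmatch(host_of(url)):
        return None
    targets = parse_qs(urlsplit(url).query).get("u")
    return targets[0] if targets else None


def triage_link(url):
    """Classify one link from a message claiming to be a Google login alert."""
    inner = unwrap_translate(url)
    host = host_of(inner if inner else url)
    return {
        "wrapped": inner is not None,
        "effective_host": host,
        # A real alert has no reason to route through Translate at all.
        "suspicious": inner is not None or host not in EXPECTED_HOSTS,
    }


# Constructed sample links (not from the reported campaign).
SAMPLES = [
    "https://translate.google.com/translate?sl=auto&tl=en"
    "&u=https%3A%2F%2Flogin.phish.example%2Fgoogle%2F",
    "https://accounts.google.com/",
    "https://translate.google.evil.example/translate?u=https://accounts.google.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(triage_link(link))
```

The third sample shows why the host is matched in full rather than by prefix: a look-alike `translate.google.*` hostname is not treated as a Translate wrapper, but it is still flagged because it is not an expected Google sign-in host.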
