Google Looker Studio is a cloud-based data analytics platform that allows users to create and share interactive dashboards and reports. However, some cybercriminals are exploiting this service to launch phishing attacks that target cryptocurrency users.
The phishing campaign using Google Looker Studio
According to a report by Check Point Research, hackers are using Google Looker Studio to host credential-harvesting crypto sites. The phishing campaign works as follows:
- A cybercriminal creates a Google Looker Studio page that mimics a legitimate cryptocurrency platform, such as Coinbase, Binance, or Kraken.
- The cybercriminal uses Google to send a real notification to the targeted victim, asking them to review or comment on the page. Since the notification comes from the legitimate Google account, it is not caught by security filters.
- The victim clicks through to look at the page, which looks legitimate and has the same domain as Google. The page asks the victim to log in with their email and password, or to scan a QR code with their mobile device.
- Once the victim enters their credentials or scans the QR code, they are redirected to the real cryptocurrency platform, while the cybercriminal steals their login information and accesses their crypto wallet.
The impact and motive of the phishing campaign
The phishing campaign using Google Looker Studio has been active since August 2023, and has targeted users from various countries, including the US, UK, Canada, Australia, and India. The cybercriminals behind the campaign are likely motivated by the high value and volatility of cryptocurrencies, which offer them an opportunity to make quick profits by stealing or transferring funds from the victims’ accounts.
The phishing campaign also poses a serious threat to the reputation and trust of Google Looker Studio, which is used by many businesses and organizations for data analysis and visualization. By abusing this service, the hackers are undermining its credibility and security, and potentially exposing its users to further attacks.
The prevention and detection of the phishing campaign
To prevent falling victim to the phishing campaign using Google Looker Studio, users should be wary of any unsolicited notifications or requests from Google or other platforms that ask them to review or comment on a page. Users should also verify the URL of the page they are visiting, and look for any signs of spoofing or tampering. Users should also use strong passwords and enable two-factor authentication for their online accounts, especially for cryptocurrency platforms.
To detect and stop the phishing campaign using Google Looker Studio, security researchers and authorities should monitor and analyze the malicious pages created by the hackers, and report them to Google for removal. They should also track and trace the source and destination of the stolen credentials and funds, and try to identify and arrest the cybercriminals behind the campaign.
