A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims' browsers. [...]
Fake Google Security site uses PWA app to steal credentials, MFA codes
Résumé + lien vers la source. Sans paywall, sans tracking.