Google Drawing Phishing Scam – Malware

February 10, 2025

Type of Malware

Infostealer

Date of Initial Activity

2024

Motivation

Data Theft

Attack Vectors

Phishing

Type of Information Stolen

Login Credentials

Overview

Phishing scams are continuously evolving, with cybercriminals becoming increasingly adept at leveraging trusted platforms and services to deceive victims. One such scam, involving Google Drawings, exemplifies how attackers can craft highly convincing phishing campaigns that exploit users’ natural trust in familiar brands. In this case, cybercriminals used a Google Drawings graphic to trick victims into disclosing sensitive personal and financial information. The attack, which initially appears to be an Amazon account verification request, is a prime example of how modern phishing techniques, including URL obfuscation and multi-stage redirection, are designed to bypass traditional security measures and deceive even the most cautious users.

Google Drawings, part of the Google Workspace suite, is a collaborative tool that allows users to create and share diagrams and graphics. Its legitimate use makes it an appealing target for malicious actors looking to hide their attacks in plain sight. When embedded within a phishing email, the Google Drawings graphic may appear entirely harmless, drawing the victim’s attention to what seems like an urgent Amazon account security request. This tactic takes advantage of the user’s familiarity with Google and their sense of urgency regarding account protection, making it difficult for even experienced users to spot the scam before it’s too late.

Targets

Individuals

How they operate

The attack begins with a phishing email that contains a seemingly innocent graphic, often hosted on Google Drawings. Google Drawings, a collaboration tool that allows users to create and share diagrams, is rarely flagged by security software, making it an ideal platform for cybercriminals to host their malicious content. The graphic in question is designed to look like an Amazon account verification notice, complete with branding and messaging intended to spur urgency in the victim. However, this graphic is not merely an image—it contains an embedded hyperlink that is central to the attack.

When the victim clicks on the “Continue Verification” link within the Google Drawings graphic, they are directed to a URL that initially appears to be safe but is actually a shortened link created using a WhatsApp URL shortener, “l.wl.co”. URL shorteners, while useful for condensing lengthy URLs, also provide an opportunity for attackers to obscure the true destination of the link. In this case, the use of a WhatsApp URL shortener provides an added layer of deception, as shortened URLs typically do not trigger the usual security warnings or suspicion that longer, more transparent URLs might.

Once the victim clicks on the shortened link, they are redirected again, this time through a second URL shortener, “qrco[.]de,” which is a service that creates dynamic QR codes. This additional redirection step further obfuscates the destination and is likely designed to bypass security scanners that may flag suspicious links. These multiple layers of redirection serve to confuse both the victim and any security tools that might be monitoring the URL traffic, making it more difficult to identify the phishing attempt in real time. The victim is ultimately led to a page that appears to be an Amazon login screen, where they are prompted to enter their credentials. However, this page is a counterfeit designed to harvest sensitive information.

Once the victim enters their login credentials, the scam progresses to a series of staged “security checkup” pages that ask for additional personal and financial details. These pages mimic legitimate account management forms and ask for sensitive data such as the victim’s full billing address, phone number, and even credit card details. At each stage, the attacker captures and stores the data entered by the victim. The information is sent to a domain controlled by the attacker, which uses multiple path names to ensure that even if the victim abandons the process midway, they still leak valuable data. The phishing site employs a variety of techniques to convince the victim that they are still interacting with a legitimate Amazon page, including validating password formats and credit card details in a manner that mimics Amazon’s own security processes.

The final step of the scam leads the victim back to the phony Amazon login page, where they are once again prompted to enter their information. After the attacker has successfully gathered the necessary credentials and financial details, the victim may be shown a fake confirmation message, and the website becomes inaccessible from the same IP address, effectively closing the door on any further attempts to track the scam.

This phishing scam highlights how attackers use layered deception and advanced redirection techniques to evade detection by both users and security tools. By leveraging trusted platforms like Google Drawings and URL shorteners, attackers are able to obscure their true intentions and create a seamless experience that mirrors legitimate services. Given the increasing sophistication of such phishing schemes, users must remain vigilant and rely on advanced security solutions that can detect and block these evasive threats in real time.
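The redirect pattern described above (a link on a trusted Google host, then the l.wl.co and qrco[.]de shorteners, then a look-alike login page) can be checked for in URL-scan or proxy redirect data. The Python below is an added example, not code from the original article; the chains are constructed, the paths and final host are placeholders rather than indicators, and the trusted-host and brand-domain lists are assumptions.

```python
from urllib.parse import urlsplit

# Shortener hosts named in the write-up (the second is defanged there).
SHORTENERS = {"l.wl.co", "qrco.de"}
# Assumption: host that serves Google Drawings links.
TRUSTED_HOSTS = {"docs.google.com"}
# Assumption: domains legitimately used by the impersonated brand.
BRAND_DOMAINS = {"amazon.com"}

def host_of(url):
    """Lower-cased hostname of a URL, refanging '[.]' first."""
    return (urlsplit(url.replace("[.]", ".")).hostname or "").lower()

def in_domain(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)

def assess_chain(hops):
    """Return findings for an ordered redirect chain (list of URLs)."""
    hosts = [host_of(u) for u in hops]
    findings = []
    if len(hosts) > 1 and in_domain(hosts[0], TRUSTED_HOSTS):
        findings.append("trusted-host-entry")
    if sum(in_domain(h, SHORTENERS) for h in hosts[1:]) >= 2:
        findings.append("chained-shorteners")
    final = hosts[-1] if hosts else ""
    known = BRAND_DOMAINS | TRUSTED_HOSTS | SHORTENERS
    if final and not in_domain(final, known):
        findings.append("final-host-off-brand")
    return findings

def is_suspicious(hops):
    """Flag a chain only when at least two findings coincide."""
    return len(assess_chain(hops)) >= 2

# Constructed chains: paths and the final host are placeholders.
PHISH = [
    "https://docs.google.com/drawings/d/EXAMPLE/preview",
    "https://l.wl.co/EXAMPLE",
    "https://qrco[.]de/EXAMPLE",
    "https://login.example.invalid/signin",
]
BENIGN = [
    "https://docs.google.com/drawings/d/EXAMPLE/preview",
    "https://www.amazon.com/",
]
```

Requiring two coinciding findings keeps an ordinary Drawings link to the real brand site from alerting on its own.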
Reference: 
  • Decoding a Google Drawings and WhatsApp open redirection phish
Tags: Amazon, Google, Google Drawing Phishing Scam, Google Drawings, Google Workspace, Infostealers, Malware, Phishing, Scams