Home / Technology / Phishing Alert: Fake Update Seizes Computer Control
Phishing Alert: Fake Update Seizes Computer Control
1 Apr
Summary
- A fake Google Meet update page tricks users into remote computer control.
- This attack exploits a legitimate Windows device enrollment feature.
- Antivirus tools may not detect this new phishing method.
A sophisticated phishing campaign is targeting Windows users through a fake Google Meet update page. Security researchers have identified a convincing replica of the Google Meet update interface that, upon clicking an 'Update now' button, exploits a legitimate Windows feature known as device enrollment. Instead of a software update, this action enrolls the user's computer into a remote management system controlled by attackers.
This attack leverages a built-in Windows process called 'Set up a work or school account.' When triggered by the fake page, this setup window pre-populates with details connecting the computer to an attacker-controlled server. This allows the attacker to gain administrative control over the device, similar to an IT department's management capabilities.
Unlike traditional malware, this method uses legitimate operating system functions, making it difficult for standard antivirus software to detect. Attackers aim to compromise a significant number of machines even with a low success rate per individual. Google has stated that such prompts are not legitimate and that official Google Meet updates are automatic.
To protect against this threat, users should be wary of unsolicited update prompts, verify website URLs (legitimate Google Meet sessions use meet.google.com), and check their Windows 'Access work or school' settings for unfamiliar enrollments. Employing password managers and keeping software updated are also recommended defenses.
