Hackers are sneaking malware into your browser using Google's link, and antivirus software can't stop it
When you buy through links on our articles, Future and its syndication partners may earn a commission.
Attackers use real Google URLs to sneak malware past antivirus and into your browser undetected
This malware only activates during checkout, making it a silent threat to online payments
The script opens a WebSocket connection for live control, completely invisible to the average user
A new browser-based malware campaign has surfaced, demonstrating how attackers are now exploiting trusted domains like Google.com to bypass traditional antivirus defenses.
A report from security researchers at c/side, this method is subtle, conditionally triggered, and difficult for both users and conventional security software to detect.
It appears to originate from a legitimate OAuth-related URL, but covertly executes a malicious payload with full access to the user's browser session.
The attack begins with a script embedded in a compromised Magento-based ecommerce site which references a seemingly harmless Google OAuth logout URL: https://accounts.google.com/o/oauth2/revoke.
However, this URL includes a manipulated callback parameter, which decodes and runs an obfuscated JavaScript payload using eval(atob(...)).
The use of Google's domain is central to the deception - because the script loads from a trusted source, most content security policies (CSPs) and DNS filters allow it through without question.
This script only activates under specific conditions. If the browser appears automated or the URL includes the word 'checkout,' it silently opens a WebSocket connection to a malicious server. This means it can tailor malicious behavior to user actions.
Any payload sent through this channel is base64-encoded, decoded, and executed dynamically using JavaScript's Function constructor.
The attacker can remotely run code in the browser in real time with this setup.
One of the primary factors influencing this attack's efficacy is its ability to evade many of the best antivirus programs currently on the market.
The script's logic is heavily obfuscated and only activates under certain conditions, making it unlikely to be detected by even the best Android antivirus apps and static malware scanners.
They will not inspect, flag, or block JavaScript payloads delivered through seemingly legitimate OAuth flows.
DNS-based filters or firewall rules also offer limited protection, since the initial request is to Google's legitimate domain.
In the enterprise environment, even some of the best endpoint protection tools may struggle to detect this activity if they rely heavily on domain reputation or fail to inspect dynamic script execution within browsers.
While advanced users and cybersecurity teams may use content inspection proxies or behavioral analysis tools to identify anomalies like these, average users are still vulnerable.
Limiting third-party scripts, separating browser sessions used for financial transactions, and remaining vigilant about unexpected site behaviors could all help reduce risk in the short term.
These are the best VPNs with antivirus you can use right now
Take a look at our pick of the best internet security suites
HP unveils the future of super-HD video meetings, but it comes at a huge price
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
30 minutes ago
- Yahoo
Insider-Owned Growth Companies To Watch In June 2025
The United States market remained flat over the last week but has seen a 9.9% increase over the past year with earnings forecasted to grow by 14% annually. In this environment, growth companies with high insider ownership can be particularly appealing as they often indicate strong confidence from those who know the company best, potentially aligning well with anticipated earnings growth. Name Insider Ownership Earnings Growth Super Micro Computer (SMCI) 16.2% 39.1% Similarweb (SMWB) 14.9% 69.7% Prairie Operating (PROP) 34.5% 75.7% FTC Solar (FTCI) 27.7% 62.5% Enovix (ENVX) 12.1% 58.4% Duolingo (DUOL) 14.2% 40% Credo Technology Group Holding (CRDO) 12.1% 45% Atour Lifestyle Holdings (ATAT) 22.6% 24.1% Astera Labs (ALAB) 14.8% 44.4% Antalpha Platform Holding (ANTA) 18.4% 40.2% Click here to see the full list of 191 stocks from our Fast Growing US Companies With High Insider Ownership screener. Here we highlight a subset of our preferred stocks from the screener. Simply Wall St Growth Rating: ★★★★☆☆ Overview: Clearfield, Inc. manufactures and sells various fiber connectivity products in the United States and internationally, with a market cap of $525.71 million. Operations: The company's revenue segments include $140.25 million from Clearfield and $40.16 million from Nestor Cables. Insider Ownership: 17.2% Earnings Growth Forecast: 167.3% p.a. Clearfield is trading at 49.4% below its estimated fair value, with analysts expecting a 21% price rise. It forecasts above-market profit growth over the next three years and revenue growth of 10.7%, outpacing the US market's 8.7%. Recent product launches, like the TetherSmart Multi-Fiber Terminal, highlight innovation in fiber network solutions. The company reported improved earnings for Q2 2025 and is actively managing its financial position through share buybacks and extended credit facilities. Take a closer look at Clearfield's potential here in our earnings growth report. The analysis detailed in our Clearfield valuation report hints at an deflated share price compared to its estimated value. Simply Wall St Growth Rating: ★★★★☆☆ Overview: Canadian Solar Inc. is a company that offers solar energy and battery storage products and solutions globally, with a market cap of approximately $739.26 million. Operations: Canadian Solar Inc. generates revenue through the provision of solar energy and battery storage products and solutions across various regions including Asia, the Americas, Europe, and other international markets. Insider Ownership: 21.2% Earnings Growth Forecast: 91.3% p.a. Canadian Solar is trading at 74.3% below its estimated fair value, with revenue growth forecasted at 11.6% annually, surpassing the US market's 8.7%. While profitability is expected in three years, recent Q1 results showed a net loss of US$33.97 million. The launch of advanced products like SolBank 3.0 Plus and TOPBiHiKu CS6.2 modules underscores innovation in energy solutions, despite challenges such as high volatility and debt coverage issues by operating cash flow. Delve into the full analysis future growth report here for a deeper understanding of Canadian Solar. Our comprehensive valuation report raises the possibility that Canadian Solar is priced lower than what may be justified by its financials. Simply Wall St Growth Rating: ★★★★☆☆ Overview: Sportradar Group AG, along with its subsidiaries, delivers sports data services to the sports betting and media industries across various regions including Switzerland, the United States, and several other global markets, with a market cap of approximately $7.27 billion. Operations: The company generates revenue primarily from its Data Processing segment, which amounts to €1.15 billion. Insider Ownership: 30.6% Earnings Growth Forecast: 32.4% p.a. Sportradar Group is trading at 32.6% below its estimated fair value, with earnings growth forecasted at 32.4% annually, outpacing the US market's 14.4%. Recent Q1 results showed a net income of €24.21 million compared to a previous loss, reflecting strong performance. The partnership with DAZN for FIFA Club World Cup data rights enhances its extensive sports coverage and betting markets offerings while maintaining robust insider ownership without significant recent insider trading activity. Click here to discover the nuances of Sportradar Group with our detailed analytical future growth report. Upon reviewing our latest valuation report, Sportradar Group's share price might be too optimistic. Click here to access our complete index of 191 Fast Growing US Companies With High Insider Ownership. Searching for a Fresh Perspective? Uncover the next big thing with financially sound penny stocks that balance risk and reward. This article by Simply Wall St is general in nature. We provide commentary based on historical data and analyst forecasts only using an unbiased methodology and our articles are not intended to be financial advice. It does not constitute a recommendation to buy or sell any stock, and does not take account of your objectives, or your financial situation. We aim to bring you long-term focused analysis driven by fundamental data. Note that our analysis may not factor in the latest price-sensitive company announcements or qualitative material. Simply Wall St has no position in any stocks analysis only considers stock directly held by insiders. It does not include indirectly owned stock through other vehicles such as corporate and/or trust entities. All forecast revenue and earnings growth rates quoted are in terms of annualised (per annum) growth rates over 1-3 years. Companies discussed in this article include CLFD CSIQ and SRAD. Have feedback on this article? Concerned about the content? with us directly. Alternatively, email editorial-team@
Bloomberg
33 minutes ago
- Bloomberg
US IPO Shares Doubling on Their First Day at Fastest Pace Since 2021
Stocks of newly-public companies are surging in their first sessions at the fastest pace in three and a half years, enthralling traders and heating up the market for US first-time share sales. Drone maker Airo Group Holdings Inc. ended Friday with a gain of 140%, a day after raising $60 million in its initial public offering, and coming barely a week after stablecoin issuer Circle Internet Group Inc. surged 168.5% immediately following its $1.2 billion IPO.
Android Authority
37 minutes ago
- Android Authority
Circle to Search could be getting an AI Mode upgrade, and here's what it looks like (APK teardown)
Rita El Khoury / Android Authority TL;DR Google is testing integrating Search's AI Mode into the Circle to Search feature. When the feature rolls out, users may be able to launch AI mode via text or voice from within the Circle to Search screen. Google Search's AI Mode breaks down your question into subtopics and conducts multiple simultaneous queries. It can be accessed by users in the US through the AI Mode icon in the Google widget on your home screen, or by selecting AI Mode from the Google app's home page. Google is all-in on AI and is adding AI to everything. US users can try out AI Mode in Google Search, and there are a couple of ways to launch the feature on your phone. You can use the AI Mode icon in the Google widget on your home screen or select AI Mode from the Google app's home page. In case you need a third way to launch AI Mode, Google could integrate AI Mode into Circle to Search as its default search mode. Authority Insights story on Android Authority. Discover You're reading anstory on Android Authority. Discover Authority Insights for more exclusive reports, app teardowns, leaks, and in-depth tech coverage you won't find anywhere else. An APK teardown helps predict features that may arrive on a service in the future based on work-in-progress code. However, it is possible that such predicted features may not make it to a public release. Google app v16.22.44 beta includes code that indicates that Google could soon integrate AI Mode into Circle to Search. We've managed to activate the feature ahead of its launch to give you an early look at it: Here's a video demo of the upcoming feature: As you can see in the demo, AI Mode could potentially become the default way to search with Circle to Search. The Google Search bar that appears after triggering Circle to Search could feature a prominent 'Ask AI Mode' hint text and the AI Mode icon. The usual icons for Voice Input, Song Search, and Translate give it company in the Search bar. You can start an AI Mode search either by text or by voice. Once you start a search, you directly enter Google Search's AI Mode instead of the All tab within Google Search (which currently houses the AI Overviews amongst other things). The UI informs you that Google is doing a deeper search for your query, as AI Mode breaks down your question into subtopics and conducts multiple simultaneous queries. Thankfully, the result acknowledges that AI responses may include mistakes, which is a handy disclaimer given all the various ways AI can hallucinate and get things wrong. If you don't want to see AI Mode search results, you will likely need to tap on the Web tab in the Google Search response. Further, when using Circle to Search to select text on the screen, the search query will likely default to the Web tab instead of AI Mode (for now). So, for simpler queries where you don't need a whole lot of information and just need to know more about what is visible on your screen, you needn't unnecessarily burden AI for it. AI Mode within Circle to Search is not currently rolling out. We'll keep you updated when we learn more. Got a tip? Talk to us! Email our staff at Email our staff at news@ . You can stay anonymous or get credit for the info, it's your choice.
