Cyber-criminals have a variety of tools at their disposal, and it now looks like they’ve added Google Translate to their box of tricks.
Akamai security researcher Larry Cashdollar received a suspicious email last month (h/t: ZDNet), claiming someone logged into his Google account from a Windows machine.
One look at the sender’s address revealed that it was fake (coming from a Hotmail address). But clicking the “consult the activity” button revealed that the attacker was loading the malicious URL through Google Translate.
“Using Google Translate does a number of things; it fills the URL (address) bar with lots of random text, but the most important thing visually is that the victim sees a legitimate Google domain. In some cases, this trick will help the criminal bypass endpoint defenses,” Cashdollar wrote on the Akamai blog.
Fortunately, a desktop browser clearly shows the Google Translate toolbar (seen above), along with the real URL being used by the sender. But the security researcher says the attack seems more convincing on a smartphone, owing to the simplified formatting used on smaller screens.
The researcher also found that the attackers were greedy, loading up a bogus Facebook login page after a victim entered their Google credentials. It’s a pretty sloppy move, as the fake page appears to use Facebook’s old visual stylings, and there doesn’t appear to be a proper segue between the two attacks.
In any event, you might want to double-check that you’re on a proper Google page rather than Google Translate when receiving future login alerts.