Hackers Are Using Google.com to Deliver Malware — Here’s How to Stay Safe

A new type of cyberattack has recently come to light, and it’s quite sneaky. Security researchers have discovered that hackers are now using the trusted domain Google.com to spread malware. This method is designed to bypass antivirus software and other security tools, making it difficult to detect.
How Hackers Are Using Google.com to Deliver Malware
The malware attack begins on compromised e-commerce websites that use the Magento platform. Hidden within the website’s code is a script that points to a seemingly harmless Google link:
https://accounts.google.com/o/oauth2/revoke
This link is normally used for Google’s OAuth system. But in this case, it includes a manipulated callback parameter. This is where the danger lies.
That parameter runs hidden JavaScript code, which has been scrambled using base64 encoding and JavaScript’s eval() function. This trick makes the script hard to detect and understand, even for many security tools.
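For storefront owners, the script reference described above can be audited in the page source: a legitimate JSONP-style callback value is a plain function name, not code. The following Node.js check is an added example, not code from the researchers or from the original article; the parameter-name list, the hint patterns, the `shop.example` base URL and the sample HTML are assumptions constructed for illustration.

```javascript
// Added example: audit storefront HTML for JSONP-style script references whose
// callback parameter carries code instead of a plain function name.
const JSONP_PARAMS = ['callback', 'jsonp', 'cb'];              // assumed parameter names
const IDENTIFIER = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;  // e.g. "app.onData"
const CODE_HINTS = /\b(eval|atob|Function|WebSocket)\s*\(/;    // assumed hint patterns

function findSuspiciousScripts(html) {
  const findings = [];
  // Capture the src value between matching quotes (the value may contain the other quote).
  const scriptSrc = /<script\b[^>]*\bsrc\s*=\s*(["'])(.*?)\1/gi;
  for (const [, , rawSrc] of html.matchAll(scriptSrc)) {
    let url;
    try {
      // Hypothetical base URL so relative script paths still parse.
      url = new URL(rawSrc.replace(/&amp;/g, '&'), 'https://shop.example/');
    } catch { continue; }                                      // unparsable src: skip
    for (const name of JSONP_PARAMS) {
      const value = url.searchParams.get(name);                // already URL-decoded
      if (value === null || IDENTIFIER.test(value)) continue;  // absent or a normal callback
      findings.push({
        host: url.hostname,
        path: url.pathname,
        param: name,
        reason: CODE_HINTS.test(value) ? 'code-in-callback' : 'non-identifier-callback',
      });
    }
  }
  return findings;
}

// Constructed sample: a benign stand-in for the obfuscated value described above
// (the base64 decodes to console.log(1)); it is never executed here.
const payload = encodeURIComponent("eval(atob('Y29uc29sZS5sb2coMSk='))");
const SAMPLE_HTML = `
<script src="https://accounts.google.com/o/oauth2/revoke?callback=${payload}"></script>
<script src="https://api.example/data?callback=app.onData"></script>
<script src="/static/js/checkout.js"></script>`;

console.log(findSuspiciousScripts(SAMPLE_HTML));
```

This inspects only script references present in the served HTML, so it complements rather than replaces monitoring of JavaScript behaviour inside the browser.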
Why It’s So Dangerous
The most concerning part? It uses Google’s official domain. Since Google.com is trusted by nearly all systems and users, most antivirus programs, firewalls, and DNS filters allow it through without question.
But the malicious script only activates under certain conditions. For example:
- If the browser looks like it’s being used by a real person (not an automated scanner)
- If the page URL contains the word “checkout”
When these conditions are met, the script opens a WebSocket connection to a malicious server. Then it silently downloads and runs harmful code in your browser — all in real-time. This means the hacker can control your browser session remotely.
Hard to Detect, Harder to Block
Even the best antivirus programs on Android and other platforms might miss this threat. That’s because:
- The code is heavily obfuscated
- It’s delivered via a legitimate Google domain
- It executes dynamically, so static scanning tools don’t catch it
Enterprise security tools like endpoint protection platforms may also fail to detect it unless they inspect JavaScript behaviour inside the browser, which many don’t do.
How to Stay Safe
Unfortunately, regular users are the most at risk. But there are some steps you can take to stay protected:
- Limit third-party scripts: Use browser extensions or privacy tools that block unknown or unnecessary scripts.
- Separate sessions: Avoid using the same browser for everyday use and financial transactions. Create a separate, secure environment for sensitive tasks.
- Stay alert: Watch for strange behaviour on websites, especially during login or checkout processes.
- Update everything: Keep your browser, extensions, and security software up to date.
- Use advanced tools: Tech-savvy users or organisations can deploy content inspection tools or behaviour-based security solutions to monitor for suspicious activity.
Our Thoughts
This malware campaign is a wake-up call. It shows how even trusted domains like Google.com can be used to trick both users and security systems. While it’s a complex attack, being cautious and informed can help you avoid falling into the trap.