Hackers are sneaking malware into your browser using Google's link, and antivirus software can't stop it
Attackers use real Google URLs to sneak malware past antivirus and into your browser undetected
This malware only activates during checkout, making it a silent threat to online payments
The script opens a WebSocket connection for live control, completely invisible to the average user
A new browser-based malware campaign has surfaced, demonstrating how attackers are now exploiting trusted domains like Google.com to bypass traditional antivirus defenses.
A report from security researchers at c/side, this method is subtle, conditionally triggered, and difficult for both users and conventional security software to detect.
It appears to originate from a legitimate OAuth-related URL, but covertly executes a malicious payload with full access to the user's browser session.
The attack begins with a script embedded in a compromised Magento-based ecommerce site which references a seemingly harmless Google OAuth logout URL: https://accounts.google.com/o/oauth2/revoke.
However, this URL includes a manipulated callback parameter, which decodes and runs an obfuscated JavaScript payload using eval(atob(...)).
The use of Google's domain is central to the deception - because the script loads from a trusted source, most content security policies (CSPs) and DNS filters allow it through without question.
This script only activates under specific conditions. If the browser appears automated or the URL includes the word 'checkout,' it silently opens a WebSocket connection to a malicious server. This means it can tailor malicious behavior to user actions.
Any payload sent through this channel is base64-encoded, decoded, and executed dynamically using JavaScript's Function constructor.
The attacker can remotely run code in the browser in real time with this setup.
One of the primary factors influencing this attack's efficacy is its ability to evade many of the best antivirus programs currently on the market.
The script's logic is heavily obfuscated and only activates under certain conditions, making it unlikely to be detected by even the best Android antivirus apps and static malware scanners.
They will not inspect, flag, or block JavaScript payloads delivered through seemingly legitimate OAuth flows.
DNS-based filters or firewall rules also offer limited protection, since the initial request is to Google's legitimate domain.
In the enterprise environment, even some of the best endpoint protection tools may struggle to detect this activity if they rely heavily on domain reputation or fail to inspect dynamic script execution within browsers.
While advanced users and cybersecurity teams may use content inspection proxies or behavioral analysis tools to identify anomalies like these, average users are still vulnerable.
Limiting third-party scripts, separating browser sessions used for financial transactions, and remaining vigilant about unexpected site behaviors could all help reduce risk in the short term.
These are the best VPNs with antivirus you can use right now
Take a look at our pick of the best internet security suites
HP unveils the future of super-HD video meetings, but it comes at a huge price
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Time Business News
5 hours ago
- Time Business News
Professional Web Design El Paso for Business Growth
In today's digital-first economy, a professionally crafted website is your strongest asset in standing out among competitors. For businesses located in Texas, especially those in and around El Paso, choosing the right web design El Paso services is essential. From driving local traffic to providing a seamless user experience, the right design can shape your brand's online identity. This in-depth guide explores how El Paso web design professionals help businesses grow, the key features of a high-performing site, and why investing in experienced El Paso web designers is vital for your long-term success. El Paso is an economic hub on the U.S.-Mexico border, teeming with local businesses, tech startups, and service providers. In such a bustling commercial environment, your website becomes more than just a digital brochure—it's your virtual storefront. An outdated or poorly designed site can hurt your brand, frustrate visitors, and reduce conversions. In contrast, a sleek, modern site designed by expert web design El Paso agencies reflects professionalism, trustworthiness, and technical competence. Consumer Behavior in El Paso El Paso residents are tech-savvy, mobile users. A large portion of web traffic comes from smartphones, so responsive design is non-negotiable. Businesses that fail to cater to mobile users risk losing out on potential customers. El Paso web designers understand the local market's behaviors and preferences. This regional insight allows them to tailor UX, visuals, and calls-to-action that resonate with local audiences. What Sets Top El Paso Web Designers Apart? Not all web designers are created equal. While some rely on basic templates, the best El Paso web design professionals build custom, scalable solutions optimized for SEO, speed, and user experience. Local SEO Knowledge A deep understanding of local SEO is crucial. Web design El Paso experts integrate geo-targeted keywords, Google Maps listings, schema markup, and localized content to help your business show up in local search results. Appearing in Google's 'Local 3-Pack' can significantly increase your visibility. Mobile-First Design With over 60% of searches coming from mobile devices, mobile responsiveness is essential. A seasoned El Paso web designer ensures that your site adapts perfectly to different screens—improving loading times, readability, and navigation on smartphones and tablets. Conversion-Focused Layouts The primary purpose of your website is to convert visitors into leads or customers. Top agencies implement strategic layouts, CTA placements, and sales funnels that are informed by user psychology and A/B testing. When investing in web design El Paso Texas, expect the following essential components in your site: Custom Design & Branding Your website should reflect your brand's voice, tone, and aesthetics. Custom design goes beyond color schemes—it includes unique elements that make your business memorable and distinctive online. SEO Optimization A beautiful site is worthless if no one can find it. El Paso web design specialists build with SEO in mind, optimizing page speed, metadata, headers, image alt tags, and internal linking structures. Fast Load Times Google's algorithm rewards sites that load quickly. Local designers compress media files, streamline code, and utilize performance-enhancing technologies like lazy loading and caching. User-Friendly CMS Most top designers in El Paso web design Texas use CMS platforms like WordPress or Webflow, which allow business owners to update content without technical knowledge. Security & SSL Integration Secure websites build trust and improve rankings. SSL certificates and secure hosting protect customer data and improve your credibility. With so many options, how do you find the best El Paso web designers for your project? Consider the following criteria: 1. Portfolio of Local Clients Browse their previous projects. Have they worked with other El Paso businesses? Do the sites look modern, functional, and visually appealing? 2. Transparent Pricing Avoid agencies that give vague quotes. A reputable El Paso web design firm will provide a clear proposal that outlines costs, timelines, and deliverables. 3. Full-Service Capabilities Ideally, your chosen team should offer web design, SEO, maintenance, content creation, and digital marketing. A holistic strategy ensures consistency across your online presence. 4. Client Reviews and Testimonials What do past clients say about them? Verified reviews on platforms like Google and Clutch offer valuable insight into their work ethic and customer service. Choosing a local team means better communication, cultural alignment, and faster project turnaround. Face-to-Face Collaboration Meeting in person builds trust and ensures both parties are aligned in vision and execution. Local designers understand regional nuances and customer expectations that a remote agency might overlook. Faster Support When updates or fixes are needed, having a local partner ensures quicker response times, especially during critical business hours. Local SEO Advantage El Paso web designers naturally integrate local search terms, regional content, and neighborhood-specific strategies that improve your visibility in local searches. Integrating Marketing with Web Design A site that looks good is just the start. To be truly effective, your site must work hand-in-hand with your overall marketing strategy. Email Marketing Integration Ensure your web design includes lead capture forms, newsletter signup pop-ups, and CRM integration for email automation. Social Media Integration Web design El Paso Texas teams often embed social feeds, share buttons, and clickable icons to boost your social presence and engagement. Analytics and Tracking Use tools like Google Analytics and Facebook Pixel to track performance, understand user behavior, and measure conversions. Trends in Web Design for El Paso Businesses Keeping up with design trends ensures your site stays modern and competitive. Minimalist Aesthetics Clean lines, white space, and purposeful typography help visitors focus on your message. Dark Mode Options Popular with tech-savvy audiences, dark mode provides visual comfort and a sleek aesthetic. AI-Driven Chatbots Automated customer service via chatbots can improve engagement and lead generation. Motion UI and Micro-Animations Subtle movements guide the user's attention and enhance interactivity. While every industry needs a digital presence, some sectors particularly benefit from strategic web design El Paso services: Healthcare : Streamlined appointment systems and patient portals : Streamlined appointment systems and patient portals Real Estate : Property listings, map integration, and lead capture : Property listings, map integration, and lead capture Law Firms : Professional design that builds trust and encourages contact : Professional design that builds trust and encourages contact Retail & E-Commerce : Product showcases, secure payment gateways, and responsive design : Product showcases, secure payment gateways, and responsive design Restaurants: Online menus, reservation booking, and delivery integrations Cost of Web Design in El Paso Prices vary depending on features, complexity, and agency expertise. On average: Basic Website : $1,000 – $2,500 : $1,000 – $2,500 Custom Business Website : $3,000 – $6,000 : $3,000 – $6,000 E-Commerce Site: $5,000 – $10,000+ Investing in professional El Paso web design is more cost-effective in the long term. Cheap DIY options often lead to performance issues, redesigns, and missed opportunities. In an increasingly digital world, your website is often the first point of contact between you and your potential customers. A professional, high-performing site created by expert El Paso web designers can mean the difference between a visitor bouncing or converting. Whether you're starting a new business or upgrading your existing site, partnering with a local web design El Paso agency ensures your site is tailored for your audience, optimized for search engines, and built for future growth. Ready to elevate your brand? Collaborate with an experienced El Paso web design Texas team today and turn your online presence into a powerful marketing tool. TIME BUSINESS NEWS
Yahoo
7 hours ago
- Yahoo
UN report lists companies complicit in Israel's ‘genocide': Who are they?
The United Nations special rapporteur on the situation of human rights in the occupied Palestinian territory (oPt) has released a new report mapping the corporations aiding Israel in the displacement of Palestinians and its genocidal war on Gaza, in breach of international law. Francesca Albanese's latest report, which is scheduled to be presented at a news conference in Geneva on Thursday, names 48 corporate actors, including United States tech giants Microsoft, Alphabet Inc. – Google's parent company – and Amazon. A database of more than 1000 corporate entities was also put together as part of the investigation. '[Israel's] forever-occupation has become the ideal testing ground for arms manufacturers and Big Tech – providing significant supply and demand, little oversight, and zero accountability – while investors and private and public institutions profit freely,' the report said. 'Companies are no longer merely implicated in occupation – they may be embedded in an economy of genocide,' it said, in a reference to Israel's ongoing assault on the Gaza Strip. In an expert opinion last year, Albanese said there were 'reasonable grounds' to believe Israel was committing genocide in the besieged Palestinian enclave. The report stated that its findings illustrate 'why Israel's genocide continues'. 'Because it is lucrative for many,' it procurement of F-35 fighter jets is part of the world's largest arms procurement programme, relying on at least 1,600 companies across eight nations. It is led by US-based Lockheed Martin, but F-35 components are constructed globally. Italian manufacturer Leonardo S.p.A is listed as a main contributor in the military sector, while Japan's FANUC Corporation provides robotic machinery for weapons production lines. The tech sector, meanwhile, has enabled the collection, storage and governmental use of biometric data on Palestinians, 'supporting Israel's discriminatory permit regime', the report said. Microsoft, Alphabet, and Amazon grant Israel 'virtually government-wide access to their cloud and AI technologies', enhancing its data processing and surveillance capacities. The US tech company IBM has also been responsible for training military and intelligence personnel, as well as managing the central database of Israel's Population, Immigration and Borders Authority (PIBA) that stores the biometric data of Palestinians, the report said. It found US software platform Palantir Technologies expanded its support to the Israeli military since the start of the war on Gaza in October 2023. The report said there were 'reasonable grounds' to believe the company provided automatic predictive policing technology used for automated decision-making in the battlefield, to process data and generate lists of targets including through artificial intelligence systems like 'Lavender', 'Gospel' and 'Where's Daddy?' The report also lists several companies developing civilian technologies that serve as 'dual-use tools' for Israel's occupation of Palestinian territory. These include Caterpillar, Leonardo-owned Rada Electronic Industries, South Korea's HD Hyundai and Sweden's Volvo Group, which provide heavy machinery for home demolitions and the development of illegal settlements in the West Bank. Rental platforms Booking and Airbnb also aid illegal settlements by listing properties and hotel rooms in Israeli-occupied territory. The report named the US's Drummond Company and Switzerland's Glencore as the primary suppliers of coal for electricity to Israel, originating primarily from Colombia. In the agriculture sector, Chinese Bright Dairy & Food is a majority owner of Tnuva, Israel's largest food conglomerate, which benefits from land seized from Palestinians in Israel's illegal outposts. Netafim, a company providing drip irrigation technology that is 80-percent owned by Mexico's Orbia Advance Corporation, provides infrastructure to exploit water resources in the occupied West Bank. Treasury bonds have also played a critical role in funding the ongoing war on Gaza, according to the report, with some of the world's largest banks, including France's BNP Paribas and the UK's Barclays, listed as having stepped in to allow Israel to contain the interest rate premium despite a credit report identified US multinational investment companies BlackRock and Vanguard as the main investors behind several listed companies. BlackRock, the world's largest asset manager, is listed as the second largest institutional investor in Palantir (8.6 percent), Microsoft (7.8 percent), Amazon (6.6 percent), Alphabet (6.6 percent) and IBM (8.6 per cent), and the third largest in Lockheed Martin (7.2 percent) and Caterpillar (7.5 percent). Vanguard, the world's second-largest asset manager, is the largest institutional investor in Caterpillar (9.8 percent), Chevron (8.9 percent) and Palantir (9.1 percent), and the second largest in Lockheed Martin (9.2 percent) and Israeli weapons manufacturer Elbit Systems (2 percent). The report states that 'colonial endeavours and their associated genocides have historically been driven and enabled by the corporate sector.' Israel's expansion on Palestinian land is one example of 'colonial racial capitalism', where corporate entities profit from an illegal occupation. Since Israel launched its war on Gaza in October 2023, 'entities that previously enabled and profited from Palestinian elimination and erasure within the economy of occupation, instead of disengaging are now involved in the economy of genocide,' the report said. For foreign arms companies, the war has been a lucrative venture. Israel's military spending from 2023 to 2024 surged 65 percent, amounting to $46.5bn – one of the highest per capita worldwide. Several entities listed on the exchange market – particularly in the arms, tech and infrastructure sectors – have seen their profits rise since October 2023. The Tel Aviv Stock Exchange also rose an unprecedented 179 percent, adding $157.9bn in market value. Global insurance companies, including Allianz and AXA, invested large sums in shares and bonds linked to Israel's occupation, the report said, partly as capital reserves but primarily to generate returns. Booking and Airbnb also continue to profit from rentals in Israeli-occupied land. Airbnb briefly delisted properties on illegal settlements in 2018 but later reverted to donating profits from such listings to humanitarian causes, a practice the report referred to as 'humanitarian-washing'. According to Albanese's report, yes. Corporate entities are under an obligation to avoid violating human rights through direct action or in their business partnerships. States have the primary responsibility to ensure that corporate entities respect human rights and must prevent, investigate and punish abuses by private actors. However, corporations must respect human rights even if the state where they operate does not. A company must therefore assess whether activities or relationships throughout its supply chain risk causing human rights violations or contributing to them, according to the report. The failure to act in line with international law may result in criminal liability. Individual executives can be held criminally liable, including before international courts. The report called on companies to divest from all activities linked to Israel's occupation of Palestinian territory, which is illegal under international law. In July 2024, the International Court of Justice issued an advisory opinion ruling that Israel's continued presence in the occupied West Bank and East Jerusalem should come to an end 'as rapidly as possible'. In light of this advisory opinion, the UN General Assembly demanded that Israel bring to an end its unlawful presence in the occupied Palestinian territory by September 2025. Albanese's report said the ICJ's ruling 'effectively qualifies the occupation as an act of aggression … Consequently, any dealings that support or sustain the occupation and its associated apparatus may amount to complicity in an international crime under the Rome Statute. 'States must not provide aid or assistance or enter into economic or trade dealings, and must take steps to prevent trade or investment relations that would assist in maintaining the illegal situation created by Israel in the oPt.'
Tom's Guide
7 hours ago
- Tom's Guide
Google makes it easier to let family members use smart home devices
Google Home has a new update that will make it easier to let family members or guests control devices in your smart home. The newest Google Home update introduces "Admin" and "Member" roles. Like many systems, the Admin roles will have full control over the the devices, services and users connected to the smart home. Members, meanwhile, will only have "basic" access to device controls, like letting your kid turn off the lights or unlock a smart door knob. The lower level role can get additional privileges via "Settings" access that lets them have some control over device and home-wide settings. There's also Activity access that lets Members keep watch on recent events, like when packages are delivered and can be seen via the doorbell camera. The Member level has been in testing since December 2024, but it appears ready for the public now. Additionally, Google is making it easier to add a child under 13 to the Home app. You'll set up your kid with a Google account through the Family Link. From there you can invite them to Google Home, where they'll be added as a Member by default. Previously, to set up something similar you need to use a combination of Family Link, Google Home or Google Assistant to add your child to the smart home. Apparently, many people struggled to do so. The update is version 3.33 for your Google Home app. It should be available now, if your app didn't automatically update check your settings and see if the update is available. Unlike most Google updates, there is no roll out language so we expect this one to be available to everyone as of June 30. Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
