Google Maps users have been warned about a dangerous new scam.
Mark Stockley, a researcher with British security software and hardware company Sophos, recently revealed that cybercriminals are redirecting people to potentially malicious websites via shortened, innocent-looking Google Maps links.
Google recently announced that it was to shut down its goo.gl URL Shortener after it was reported that the feature could inadvertently provide an easy way to disguise suspect links. Now hackers seem to have found a new method for their nefarious activities, again using a Google product.
Stockley wrote in a blog post, “The crooks have turned a service designed for shortening and sharing Google Maps URLs into an impromptu redirection service for sharing whatever the heck they like, thanks to an open redirection vulnerability in the maps.app.goo.gl service.”
“Open redirect vulnerabilities allow attackers to abuse code that’s intended to perform an HTTP redirect to a specific something into code that redirects to anything.”
Sophos reported that the suspect links are not easy to report, and more worrying was the fact that Google has known about the issue since September last year.
Stockley further added, “To avoid being abused, code that performs redirections should only send users to URLs that match a specific pattern or list of links thought to be OK.”
“In the case of Google maps that should be simple – if the URL in the link parameter isn’t a Google Map, there’s no reason to allow the redirection.”
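The allow-list check Stockley describes can be sketched as follows. This is an added example, not code from Sophos or Google: the allowed hosts, the `/maps` path prefix, the `short.example` request host and the function names are assumptions made for illustration.

```javascript
// Added example: validate a redirect target taken from a `link` parameter.
// ASSUMPTION: this allow-list is illustrative, not Google's actual policy.
const ALLOWED_HOSTS = new Set(["www.google.com", "maps.google.com"]);
const ALLOWED_PATH_PREFIX = "/maps";

// Returns the normalized URL string if the target is allowed, otherwise null.
function safeRedirectTarget(link) {
  if (typeof link !== "string" || link.length === 0) return null;
  let url;
  try {
    // No base URL is given, so relative and scheme-relative inputs
    // ("/x", "//host/x") throw and are rejected.
    url = new URL(link);
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;
  // Reject credentials in the authority: in "https://a@b/", the host is b.
  if (url.username !== "" || url.password !== "") return null;
  if (url.port !== "") return null;
  // Exact match on the parsed, lower-cased hostname; substring or
  // startsWith checks on the raw string would accept look-alike hosts.
  if (!ALLOWED_HOSTS.has(url.hostname)) return null;
  // The parser has already resolved "." and ".." segments, so the
  // prefix check runs on the path the browser would actually request.
  const path = url.pathname;
  if (path !== ALLOWED_PATH_PREFIX && !path.startsWith(ALLOWED_PATH_PREFIX + "/")) {
    return null;
  }
  return url.href;
}

// Hypothetical handler: decide the response for a shortener-style request.
function resolveRedirect(requestUrl) {
  const link = new URL(requestUrl).searchParams.get("link");
  const target = safeRedirectTarget(link);
  return target === null
    ? { status: 400, location: null }
    : { status: 302, location: target };
}
```

The check compares parsed components rather than the raw string, which is what keeps look-alike hostnames and embedded credentials from passing.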
We will keep following this story and update accordingly.