Defeating Antivirus detection of malicious links using Googleweblight.

Googleweblight is a service from Google that helps to load webpages in mobile phones using slow internet connections. It seems this service can make content filters ineffective and even help malicious websites bypass antivirus detection if the malicious website is not in google safe browsing blacklist.

I was actually looking for ways to access websites which blocked anonymous Tor users , I found that in most of the cheap 3G cell phones , browsers used Googleweblight service to improve Web browsing and it was highly effective in unblocking websites which blocked Tor .

It made me wonder if it could be used by evil guys to bypass Antivirus firewalls too.

I created a dedicated Windows 10 Virtual Machine with Bitdefender Total Security with latest updates and took a random verified phishing URL from phishtank service and opened it firefox , Bitdefender immediately blocked access to the dangerous phishing website ;)

However No warning was displayed by bitdefender when same website was optimised using googleweblight… ;(

Conclusion:-

It’s always better to avoid unknown random links in internet. Antiviruses are not perfect and may miss a dangerous link or two!

Originally published at https://outflaw.blogspot.com on December 7, 2019.

CS Undergradute at NGP Institue of Technology