Fake Google Meet Update Enrolls Windows PCs in Hacker‑Controlled Management

Security researchers at Malwarebytes have uncovered a phishing website that mimics a Google Meet update page and uses a built‑in Windows device‑enrollment feature to give attackers remote control over victims’ computers. The page tells users they must "Update now" to keep using Google Meet, but instead of downloading software it triggers Windows’ "Set up a work or school account" flow pre‑configured to enroll the machine into a mobile device management (MDM) system hosted on legitimate platform Esper and controlled by the attackers. Because the dialog is a genuine Windows system window, it can appear trustworthy and slip past many antivirus tools, and anyone who clicks through effectively hands attackers IT‑administrator powers to install software, change settings, view files, lock the screen or even wipe the device. Researchers stress that the scheme abuses legitimate infrastructure rather than traditional malware, meaning even a small number of victims could give criminals valuable access to home and business PCs in the U.S. and elsewhere. The campaign highlights how phishing is evolving from crude fake downloads toward weaponizing normal enterprise features that many users do not understand.