
Google Maps Route Planning Guide — Social Engineering 2026 Analysis

Published 2026-03-19 by Oracle-42 Intelligence Engine

# **Google Maps Route Planning Guide — Social Engineering Threat Analysis (2026)**

*Oracle-42 Sovereign Intelligence | Threat Intelligence Division*

## **Executive Summary**

In early 2026, Oracle-42 identified a sophisticated social engineering campaign leveraging Google Maps' route planning features to deliver malicious payloads, including crypto wallet seed phrases (PoisonSeed) and supply chain attacks (MCP Rug Pull). This report details the attack vectors, technical indicators, and recommended mitigations to prevent exploitation via trusted navigation services.

## **Threat Landscape Overview**

Google Maps is a trusted platform with over **1 billion monthly users**, making it an ideal attack vector for social engineering. The **PoisonSeed phishing campaign (CVE-2025-XXXX)** and **MCP Rug Pull Attack (Technique ID: T1588.005)** exploit legitimate workflows to distribute malware, manipulate routing data, and compromise cryptocurrency assets.

### **Key Attack Vectors**

1. **PoisonSeed Phishing via Google Maps Route Sharing**
   - Attackers compromise corporate email accounts to send **seed phrase-laden emails** disguised as route-sharing requests.
   - Victims receive a Google Maps link with a **malicious HTML attachment** (e.g., `route_plan.html`).
   - Upon execution, the script extracts browser-stored crypto wallet seeds (MetaMask, Trust Wallet) and exfiltrates them via **C2 (Command & Control) servers**.
2. **MCP Rug Pull in Google Maps Integration**
   - **MCP (Map Customization Protocol)**
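
A defensive check for the first attack vector above (a route-sharing email that pairs a Google Maps link with an HTML attachment such as `route_plan.html`), as an added example that is not part of the Oracle-42 report: it parses a message with Python's standard `email` module and flags that pairing. The sample message, the function names and the list of Maps URL forms are assumptions made for this illustration.

```python
import re
from email import message_from_string

# Common Google Maps link forms; lookalike hosts that embed them also match.
MAPS_URL = re.compile(
    r"https?://(?:(?:www\.)?google\.com/maps|maps\.google\.com|"
    r"maps\.app\.goo\.gl|goo\.gl/maps)", re.I)
HTML_EXT = (".html", ".htm", ".xhtml")

# Constructed sample message (not taken from the report).
SAMPLE_EML = """\
From: colleague@example.com
Subject: Shared route for Friday
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Route for the site visit: https://www.google.com/maps/dir/A/B
--b1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="route_plan.html"

<html><body>placeholder</body></html>
--b1--
"""

def html_attachments(msg):
    """Names of attached parts that are HTML by declared type or by extension."""
    found = []
    for part in msg.walk():
        name = part.get_filename() or ""
        if part.get_content_disposition() != "attachment" and not name:
            continue  # ordinary inline body part, including an HTML body
        if part.get_content_type() == "text/html" or name.lower().endswith(HTML_EXT):
            found.append(name or "(unnamed)")
    return found

def body_text(msg):
    """Decoded text of the non-attachment text parts."""
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk()
             if p.get_content_maintype() == "text" and not p.get_filename()]
    return "\n".join(b.decode("utf-8", errors="replace") for b in parts)

def check_route_lure(raw_eml):
    """Flag a message that pairs a Maps link with an HTML attachment."""
    msg = message_from_string(raw_eml)
    names, link = html_attachments(msg), bool(MAPS_URL.search(body_text(msg)))
    return {"maps_link": link, "html_attachments": names, "flag": link and bool(names)}
```

The extension check catches an HTML file sent with a generic content type, and an ordinary HTML message body is not counted as an attachment.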
