- Cybercriminals abuse Bubble.io no-code platform to host phishing apps
- Trusted domain bypasses email security and tricks victims into giving up Microsoft 365 credentials
- Kaspersky warns that the technique is likely to spread via phishing-as-a-service kits, making attacks more dangerous
Cybercriminals have been seen abusing a legitimate AI app building platform to bypass email security protections and land phishing emails straight into people’s inboxes.
Security researchers at Kaspersky identified the abused platform as Bubble.io, a no-code visual programming platform that allows users to create entire web and mobile apps without writing a single line of code. However, this means that hackers can also use the drag-and-drop editor or an AI chatbot to generate complex JavaScript and frontend structure, embed malicious functionality, and host the site on the bubble.io domain.
They would then send phishing emails to their victims, targeting their Microsoft 365 accounts. Emails would contain a link to the Bubble-hosted app, and since it’s hosted on a trusted domain, email security solutions don’t flag it and the message lands in the inbox.
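A triage heuristic for the delivery pattern described above, as an added example that is not from Kaspersky's report or the original article: it flags messages that use Microsoft 365 wording while linking to a host under bubble.io. The suffix list, the lure wording and the sample hostnames are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: local policy list of shared app-hosting domains; only bubble.io is from the article.
SHARED_HOSTING_SUFFIXES = ("bubble.io",)
# Assumption: wording treated as a Microsoft 365 lure; tune for your own mail flow.
BRAND_LURE = re.compile(r"microsoft\s*365|office\s*365|microsoft account", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def on_shared_hosting(host):
    """Label-aware suffix match: app.bubble.io matches, notbubble.io does not."""
    host = (host or "").rstrip(".").lower()
    return any(host == s or host.endswith("." + s) for s in SHARED_HOSTING_SUFFIXES)

def body_text(msg):
    """Concatenate the decoded text/plain and text/html parts of a message."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def triage(raw_email):
    """Flag mail that uses Microsoft 365 wording while linking to shared app hosting."""
    msg = message_from_string(raw_email)
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    hosts = {urlsplit(u).hostname for u in URL_RE.findall(text)}
    shared = sorted(h for h in hosts if on_shared_hosting(h))
    lure = bool(BRAND_LURE.search(text))
    return {"shared_hosting_links": shared, "brand_lure": lure, "flag": lure and bool(shared)}

# Constructed sample messages (hostnames are made up for this example).
SUSPECT = (
    "From: it-support@example.org\nSubject: Microsoft 365 password expiry\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<p>Sign in to keep access: <a href="https://sample-portal.bubble.io/login">Review</a></p>\n'
)
BENIGN = (
    "From: colleague@example.org\nSubject: Prototype feedback\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "Our survey prototype is at https://team-survey.bubble.io/ if you want to try it.\n"
)

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(raw))
```

A flag here is a reason to route the message for review, not a verdict: legitimate apps are hosted on the same domain, which is why the benign sample is reported but not flagged.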
Kaspersky predicts a bright future for the dark technology
The apps themselves often mimic a Microsoft login portal hidden behind a Cloudflare check. Victims who don’t discover the trick will end up sharing their login credentials with the attackers, who can then use the access to target organizations, steal data, or deploy ransomware.
Given the novelty and success of this method, Kaspersky believes that it will certainly become much more popular in the near future. The researchers speculate that many Phishing-as-a-Service (PhaaS) providers will soon begin integrating this technique into their phishing kits, especially those used by less skilled, novice criminals.
Such platforms are already quite advanced, capable of stealing 2FA codes in transit, defending against analysis through geo-fencing and other methods, and using AI to generate persuasive email copy.
By abusing legitimate platforms such as Bubble, these phishing services are only getting better and more dangerous. It's also worth mentioning that abusing legitimate companies' services is by no means a new method; we've seen PayPal, Google Tasks, Microsoft Azure Monitor alerts and many other features used this way before.
Bubble has not yet responded to media inquiries, and there is nothing about the abuse on its website.
Via Bleeping Computer



