After Microsoft Azure domains, threat actors are now eyeing on Google cloud domains to launch the latest phishing attacks. The affected domains are those that leverage Appspot.com and Web.app.
About domains
Appspot.com is a cloud computing platform used for developing and hosting web applications in Google-managed data centers. On the other hand, Web.app is a mobile platform used for building mobile apps hosted by Firebase.
How does the campaign work?
Evading detection
To evade detection, the attackers are leveraging most of the code written in an external JavaScript code.
“The attackers are using the latest tactics to evade detection from scan engines, with most of the code written in an external JavaScript file. This filename is 32 characters long and different for every site,” researchers noted.
Publisher