Fraud · HIGH

Fraud - Bubble AI App Builder Used in Microsoft Phishing

BleepingComputer
Bubble, Microsoft, phishing, Kaspersky, PhaaS

Basically, bad actors are using a website builder to trick people into giving away their Microsoft passwords.

Quick Summary

Threat actors are abusing Bubble's app builder to create phishing sites targeting Microsoft accounts. Because the sites are hosted on a trusted domain, they evade email security checks, putting user credentials at risk. Stay vigilant against suspicious links and enable MFA for added protection.

What Happened

Threat actors have found a new way to steal Microsoft account credentials by abusing the no-code app-building platform Bubble. They create and host malicious web applications that mimic legitimate Microsoft login pages. Because these apps are hosted on a trusted domain, they evade detection by email security systems. As a result, users unknowingly enter their credentials on fake sites, and the attackers capture them.

Security researchers at Kaspersky have identified this trend, noting that the phishing pages often appear legitimate and are sometimes obscured by additional security checks like those from Cloudflare. This makes it even harder for users to recognize the threat. By using this method, attackers can gain access to sensitive data linked to Microsoft 365 accounts, including emails and calendars.

Who's Being Targeted

The primary targets of this phishing campaign are users of Microsoft accounts, particularly those using Microsoft 365 services. Given the widespread use of Microsoft products in both personal and professional settings, the potential impact is significant. Anyone who interacts with Microsoft services could be at risk, especially if they receive a link to a Bubble-hosted app.

As phishing campaigns continue to evolve, the use of legitimate platforms like Bubble increases the risk for all users. The complexity of the apps created makes it challenging for even experienced users to identify malicious intent. This adds a layer of danger, as the attacks can reach a broader audience without raising immediate suspicions.

Signs of Infection

Users may not easily recognize they have been targeted until it's too late. Common signs include:

  • Receiving unexpected links to web apps claiming to be Microsoft-related.
  • Unusual activity in their Microsoft accounts, such as unauthorized access or changes.
  • Requests for login credentials from unfamiliar sources.

If users enter their credentials on these fake pages, they may notice unauthorized access to their accounts shortly after. It's crucial to remain vigilant and verify the authenticity of any links before clicking.
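As an added example (not from the original article or from Kaspersky): a mail-triage check that ignores domain reputation, since the hosting domain is trusted, and instead asks whether a Microsoft-themed message links to an actual Microsoft sign-in host. The host lists, the `builder.example` placeholder suffix and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Microsoft sign-in hosts; not exhaustive, extend for your environment.
MS_SIGNIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
# Assumption: shared domains where app-builder platforms host user-built apps.
# bubbleapps.io is Bubble's default app domain; builder.example is a placeholder.
SHARED_APP_SUFFIXES = ("bubbleapps.io", "builder.example")
LURE = re.compile(r"\b(microsoft|office\s*365|outlook|onedrive|sharepoint)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"')]+", re.I)

OK, NO_LURE = "microsoft-signin", "no-microsoft-lure"
SHARED, OTHER = "review-shared-app-host", "review-non-microsoft-host"

def host_of(url):
    # .hostname drops any "user@" prefix, so a Microsoft host name placed in
    # the userinfo part cannot pass for the real destination.
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def on_suffix(host, suffix):
    return host == suffix or host.endswith("." + suffix)

def classify_link(url, message_text):
    host = host_of(url)
    if host in MS_SIGNIN_HOSTS:
        return OK
    if not LURE.search(message_text):
        return NO_LURE          # message does not claim to be Microsoft-related
    if any(on_suffix(host, s) for s in SHARED_APP_SUFFIXES):
        return SHARED           # trusted platform domain, untrusted tenant content
    return OTHER

def triage(message_text):
    urls = [u.rstrip(".,;") for u in URL.findall(message_text)]
    return {u: classify_link(u, message_text) for u in urls}

# Constructed sample messages (not taken from any real campaign).
SAMPLES = [
    "Your Microsoft 365 password expires today: https://acct-check.builder.example/signin",
    "Sign in to Outlook at https://login.microsoftonline.com/common/oauth2/authorize",
    "OneDrive file shared: https://login.microsoftonline.com@files.example.test/login",
    "Friday lunch menu: https://cafeteria.example.test/menu",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        for url, verdict in triage(msg).items():
            print(f"{verdict:28} {url}")
```
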

How to Protect Yourself

To safeguard against these phishing attempts, users should take several proactive steps:

  • Enable Multi-Factor Authentication (MFA) on their Microsoft accounts to add an extra layer of security.
  • Be cautious of links in emails or messages, especially if they seem suspicious or unexpected.
  • Use a password manager to generate and store complex passwords, reducing the chance of credential theft.
  • Regularly monitor account activity for any unauthorized access.

Staying informed about the latest phishing tactics can help users protect their sensitive information. As cybercriminals become more sophisticated, awareness and caution are key to maintaining security.

🔒 Pro insight: The use of legitimate platforms for phishing reflects a growing trend in cybercrime, emphasizing the need for enhanced user education and security measures.

Original article from BleepingComputer · Bill Toulas
