Credential phishing facilitated by Google Apps Script exploitation

BleepingComputer reports that Google's cloud scripting platform Google Apps Script has been exploited to host seemingly legitimate credential phishing pages.

Attackers distributed malicious emails purporting to be invoices that include a link redirecting to a webpage integrated with a Google Apps Script to exfiltrate usernames and credentials from targets, who are later redirected to the legitimate website in a bid to better conceal malicious activity, according to findings from Cofense. "By hosting the phishing page within Google's trusted environment, attackers create an illusion of authenticity. This makes it easier to trick recipients into handing over sensitive information," said researchers. With the attack technique potentially enabling the deployment of other lures following remote script modifications, organizations have been urged to strengthen email security configurations for more stringent analysis of cloud service links, as well as the blocking of Google Apps Script URLs. Google has yet to detail how it intends to combat Google Apps Script abuse.