AI-powered no-code app-building platform Bubble has been exploited to create illicit web apps that facilitate clandestine credential phishing intrusions against Microsoft accounts, BleepingComputer reports.
Threat actors have crafted malicious Bubble apps whose complicated JavaScript bundles and Shadow DOM-heavy structures circumvent static and automated analysis, and which redirect visitors to phishing pages impersonating the Microsoft login, according to Kaspersky researchers.
Inputted credentials are then exfiltrated by attackers for the subsequent compromise of Microsoft 365 accounts.
"Even for an expert, it's difficult to grasp what's happening at first glance; you really have to dig through it to understand how it all works and what the purpose is. Automated web-code analysis algorithms are even more likely to get tripped up, frequently reaching the verdict that this is just a functional, useful site," said researchers.
With Bubble generating code that could befuddle even experts, phishing-as-a-service platforms that already harness adversary-in-the-middle tactics to evade two-factor authentication are expected to exploit AI-based app builders to enable even more covert phishing intrusions. Bubble has yet to detail measures to counter the abuse of its platform in the wake of the findings.





