Microsoft credential phishing weaponizes Bubble AI app builder

AI-powered no-code app-building platform Bubble has been exploited to create illicit web apps that facilitate clandestine credential phishing intrusions against Microsoft accounts, BleepingComputer reports.

Threat actors have crafted malicious Bubble apps, built from complicated JavaScript bundles and Shadow DOM-heavy structures that circumvent static and automated analysis, to redirect victims to phishing pages impersonating the Microsoft login, according to Kaspersky researchers.

Inputted credentials are then exfiltrated by attackers for the subsequent compromise of Microsoft 365 accounts.

"Even for an expert, it's difficult to grasp what's happening at first glance; you really have to dig through it to understand how it all works and what the purpose is. Automated web-code analysis algorithms are even more likely to get tripped up, frequently reaching the verdict that this is just a functional, useful site," said researchers.

With Bubble generating code that could befuddle even experts, phishing-as-a-service platforms that already harness adversary-in-the-middle tactics to evade two-factor authentication are expected to exploit AI-based app builders to enable even more covert phishing intrusions. Bubble has yet to detail measures to counter the abuse of its platform in the wake of the findings.
