Threat actors abuse Google Apps Script in evasive phishing attacks
Published on: 2025-06-15 08:25:36
Threat actors are abusing the ‘Google Apps Script’ development platform to host phishing pages that appear legitimate and steal login credentials.
This new trend was spotted by security researchers at Cofense, who warn that the fraudulent login window is "carefully designed to look like a legitimate login screen."
“The attack uses an email masquerading as an invoice, containing a link to a webpage that uses Google Apps Script, a development platform integrated across Google’s suite of products,” Cofense explains.
“By hosting the phishing page within Google’s trusted environment, attackers create an illusion of authenticity. This makes it easier to trick recipients into handing over sensitive information.”
Legitimate service abuse
Google Apps Script is a JavaScript-based cloud scripting platform from Google that allows users to automate tasks and extend the functionality of Google Workspace products like Google Sheets, Docs, Drive, Gmail, and Calendar.
These scripts run on a trust