Google Apps Script Exploited in Complex Phishing Strategies
A new phishing campaign has been observed leveraging Google Apps Script to deliver deceptive content designed to extract Microsoft 365 login credentials from unsuspecting users. This method uses a trusted Google platform to lend credibility to malicious links, thereby increasing the likelihood of user interaction and credential theft.
Google Apps Script is a cloud-based scripting language developed by Google that allows users to extend and automate the functions of Google Workspace applications such as Gmail, Sheets, Docs, and Drive. Built on JavaScript, the tool is commonly used for automating repetitive tasks, building workflow solutions, and integrating with external APIs.
In this particular phishing operation, attackers create a fraudulent invoice document hosted through Google Apps Script. The phishing process typically begins with a spoofed email appearing to notify the recipient of a pending invoice. These emails contain a hyperlink, ostensibly leading to the invoice, which uses the “script.google.com” domain. This is an official Google domain used for Apps Script, which can deceive recipients into believing the link is safe and from a trusted source.
The embedded link directs users to a landing page, which may include a message stating that a file is available for download, along with a button labeled “Preview.” Upon clicking this button, the user is redirected to a forged Microsoft 365 login interface. This spoofed page is designed to closely replicate the legitimate Microsoft 365 login screen, including layout, branding, and user interface elements.
Victims who do not recognize the forgery and proceed to enter their login credentials inadvertently transmit that information directly to the attackers. Once the credentials are captured, the phishing page redirects the user to the legitimate Microsoft 365 login site, creating the illusion that nothing unusual has occurred and reducing the chance the user will suspect foul play.
This redirection technique serves two main purposes. First, it completes the illusion that the login attempt was routine, reducing the likelihood that the victim will report the incident or change their password promptly. Second, it hides the malicious intent of the earlier interaction, making it harder for security analysts to trace the event without in-depth investigation.
The abuse of trusted domains such as “script.google.com” presents a significant challenge for detection and prevention mechanisms. Emails containing links to reputable domains often bypass basic email filters, and users are more inclined to trust links that appear to come from platforms like Google. This type of phishing campaign demonstrates how attackers can manipulate well-known services to bypass conventional security safeguards.
The technical foundation of the attack relies on Google Apps Script’s web app capabilities, which allow developers to create and publish web applications accessible through the script.google.com URL structure. These scripts can be configured to serve HTML content, handle form submissions, or redirect users to other URLs, making them suitable for malicious exploitation when misused.
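Because domain reputation alone passes these links, a mail-triage rule has to look at the link shape and the message wording together. The following is an added example, not code from the article or from Google: it flags messages that pair an Apps Script web-app link with invoice-style wording. The keyword list, the /macros/.../s/<id>/exec path pattern, the verdict names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Assumptions (not from the article): the lure keyword list, and the
# /macros/.../s/<deployment-id>/exec path shape of published web apps.
LURE_WORDS = re.compile(r"\b(invoice|payment|overdue)\b", re.I)
WEBAPP_PATH = re.compile(r"/macros/(?:[^/]+/)*s/[\w-]+/(?:exec|dev)$")
URL = re.compile(r"https?://[^\s\"'<>]+")

def apps_script_links(text):
    """Return URLs whose host is exactly script.google.com and whose path
    looks like a published web app. Exact host matching rejects lookalikes
    such as script.google.com.files.example."""
    hits = []
    for url in URL.findall(text):
        parts = urlsplit(url)
        if (parts.hostname or "").lower() != "script.google.com":
            continue
        if WEBAPP_PATH.search(parts.path):
            hits.append(url)
    return hits

def triage(raw_message):
    """Classify one RFC 5322 message: 'review' when an Apps Script web-app
    link arrives with invoice-style wording, 'log' for the link alone,
    'pass' otherwise."""
    msg = message_from_string(raw_message, policy=default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    links = apps_script_links(text)
    if not links:
        return "pass", []
    lure = LURE_WORDS.search(f"{msg['Subject'] or ''} {text}")
    return ("review" if lure else "log"), links

# Constructed sample message; the deployment ID and addresses are placeholders.
SAMPLE = """\
From: Accounts <billing@vendor.example>
To: user@corp.example
Subject: Pending invoice 4471
Content-Type: text/html; charset="utf-8"

<p>Your invoice is ready.
<a href="https://script.google.com/macros/s/AKfycbEXAMPLE-constructed/exec">Open</a></p>
<p><a href="https://script.google.com.files.example/macros/s/x/exec">mirror</a></p>
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The "log" verdict keeps legitimate internal Apps Script links visible for baselining without sending them to review.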