
Fraud - Bubble AI App Builder Used in Microsoft Phishing

BleepingComputer · Reporting by Bill Toulas
Summary by CyberPings Editorial·AI-assisted·Reviewed by Rohit Rana

Basically, bad actors are using a website builder to trick people into giving away their Microsoft passwords.

Quick Summary

Threat actors are exploiting Bubble's app builder to create phishing sites targeting Microsoft accounts. This method bypasses security checks, putting user credentials at risk. Stay vigilant against suspicious links and enable MFA for added protection.

What Happened

Threat actors have found a new way to steal Microsoft account credentials by exploiting the no-code app-building platform, Bubble. They create and host malicious web applications that mimic legitimate Microsoft login pages. Because these apps are hosted on a trusted domain, they evade detection by email security systems. As a result, users unknowingly enter their credentials on fake sites, where the attackers capture them.

Security researchers at Kaspersky have identified this trend, noting that the phishing pages often appear legitimate and are sometimes obscured by additional security checks like those from Cloudflare. This makes it even harder for users to recognize the threat. By using this method, attackers can gain access to sensitive data linked to Microsoft 365 accounts, including emails and calendars.
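Since domain reputation alone passes these links, a mail filter can instead flag any link to a customer app on a shared app-builder domain and escalate when the message also carries Microsoft branding. The sketch below is an added example, not code from Kaspersky, BleepingComputer or Bubble; the suffix `apps.builder.example` is a placeholder for the platform's real hosting suffixes, and the Microsoft host list and lure keywords are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: DNS suffixes under which the app builder serves customer apps.
# Placeholder only; replace with the platform's real hosting suffixes.
SHARED_HOSTING_SUFFIXES = ("apps.builder.example",)
# Hosts where a genuine Microsoft sign-in is expected (partial list).
MICROSOFT_SUFFIXES = ("microsoft.com", "microsoftonline.com", "live.com", "office.com")
LURE = re.compile(r"microsoft|office\s*365|outlook|onedrive|sharepoint", re.I)
URL = re.compile(r"https?://[^\s\"'<>)]+", re.I)


def under(host, suffixes):
    """True if host equals a suffix or is a subdomain of it (label boundary)."""
    host = host.rstrip(".").lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)


def score_message(subject, body):
    """Return (verdict, flagged_urls) for one message."""
    flagged = []
    for raw in URL.findall(body):
        try:
            host = urlsplit(raw).hostname or ""
        except ValueError:  # malformed URL, nothing to resolve
            continue
        # Check the shared-hosting suffix on the full host, so a Microsoft
        # name used as a subdomain label does not earn any trust.
        if under(host, SHARED_HOSTING_SUFFIXES) and not under(host, MICROSOFT_SUFFIXES):
            flagged.append(raw)
    if not flagged:
        return "pass", flagged
    lure = bool(LURE.search(subject + " " + body))
    return ("quarantine" if lure else "review"), flagged


# Constructed sample messages (not real campaign data).
SAMPLES = [
    ("Action required: Microsoft 365 password expires today",
     "Review your account: https://m365-verify.apps.builder.example/login"),
    ("Your sign-in", "Continue at https://login.microsoftonline.com/common/"),
    ("Team lunch poll", "Vote here: https://lunch-poll.apps.builder.example/"),
    ("Invoice", "Open https://login.microsoftonline.com.apps.builder.example/"),
]

if __name__ == "__main__":
    for subject, body in SAMPLES:
        print(score_message(subject, body))
```

A "review" verdict covers legitimate apps built on the same platform, so it is meant for triage or a click-time warning rather than outright blocking.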

Who's Being Targeted

The primary targets of this phishing campaign are users of Microsoft accounts, particularly those using Microsoft 365 services. Given the widespread use of Microsoft products in both personal and professional settings, the potential impact is significant. Anyone who interacts with Microsoft services could be at risk, especially if they receive a link to a Bubble-hosted app.

As phishing campaigns continue to evolve, the use of legitimate platforms like Bubble increases the risk for all users. The complexity of the apps created makes it challenging for even experienced users to identify malicious intent. This adds a layer of danger, as the attacks can reach a broader audience without raising immediate suspicions.

Signs of Infection

Users may not easily recognize they have been targeted until it's too late. Common signs include:

  • Receiving unexpected links to web apps claiming to be Microsoft-related.
  • Unusual activity in their Microsoft accounts, such as unauthorized access or changes.
  • Requests for login credentials from unfamiliar sources.

If users enter their credentials on these fake pages, they may notice unauthorized access to their accounts shortly after. It's crucial to remain vigilant and verify the authenticity of any links before clicking.

How to Protect Yourself

To safeguard against these phishing attempts, users should take several proactive steps:

  • Enable Multi-Factor Authentication (MFA) on their Microsoft accounts to add an extra layer of security.
  • Be cautious of links in emails or messages, especially if they seem suspicious or unexpected.
  • Use a password manager to generate and store complex passwords, reducing the chance of credential theft.
  • Regularly monitor account activity for any unauthorized access.

Staying informed about the latest phishing tactics can help users protect their sensitive information. As cybercriminals become more sophisticated, awareness and caution are key to maintaining security.

🔒 Pro insight: The use of legitimate platforms for phishing reflects a growing trend in cybercrime, emphasizing the need for enhanced user education and security measures.
