Cybersecurity researchers are calling attention to two recently observed phishing campaigns caught abusing the legitimate services Firebase and Google Apps Script to lure unsuspecting users to malicious content.
In mid-May, Trellix said it identified a spear-phishing operation impersonating a Rothschild & Co employee to target financial executives at banks and energy, insurance, and investment organizations in Africa, Canada, Europe, the Middle East, and South Asia.
The malicious emails contained a fake brochure, identified as a webpage hosted on Firebase and hidden behind a math-quiz custom CAPTCHA. Once the challenge is solved, the victim is served a ZIP file that contains a VBS script.