Google App Engine feature abused to create unlimited phishing pages

[silversurfer]

Content source

https://www.bleepingcomputer.com/news/security/google-app-engine-feature-abused-to-create-unlimited-phishing-pages/

A newly discovered technique by a researcher shows how Google's App Engine domains can be abused to deliver phishing and malware while remaining undetected by leading enterprise security products.

Google App Engine is a cloud-based service platform for developing and hosting web apps on Google's servers.

While reports of phishing campaigns leveraging enterprise cloud domains are nothing new, what makes Google App Engine infrastructure risky in how the subdomains get generated and paths are routed.

Typically scammers use cloud services to create a malicious app that gets assigned a subdomain. They then host phishing pages there. Or they may use the app as a command-and-control (C2) server to deliver malware payload. [...]

Read more: Google App Engine feature abused to create unlimited phishing pages