Kaspersky Warns of New Phishing Frontier: Attackers Exploit ”Bubble” No-Code Platform to Bypass Security Filters
Kaspersky has uncovered a sophisticated phishing evolution where attackers are leveraging the Bubble.io no-code platform to host malicious intermediary applications. By utilizing trusted bubble.io domains, these campaigns successfully evade traditional URL filters and automated reputation-based defense systems. The technique acts as a "cloaking layer," seamlessly redirecting victims to high-fidelity spoofed Microsoft login pages.
According to Kaspersky expert Roman Dedenok, this method represents a "new level of trust abuse." The campaign further complicates detection by integrating Cloudflare services and AWS hosting to avoid blacklisting. More alarmingly, this tactic is being integrated into Phishing-as-a-Service (PhaaS) models, featuring Adversary-in-the-Middle (AiTM) capabilities. These tools are designed to intercept session cookies in real-time, effectively bypassing Multi-Factor Authentication (MFA) and granting unauthorized access to enterprise accounts.