A sophisticated phishing campaign has leveraged Google’s AppSheet platform to bypass security filters and compromise over 30,000 Facebook accounts. According to recent reports, attackers created malicious web applications within AppSheet, a legitimate no-code development platform, to host convincing login pages. These pages were then distributed through email and social media messages, tricking users into entering their Facebook credentials.
Attack Method
The attack is notable for its abuse of a trusted service like Google AppSheet. Because AppSheet runs under google.com domains, traditional email and browser security tools often failed to flag the phishing links. Once victims entered their details, the attackers harvested the credentials and used them to hijack accounts. In some instances, the compromised accounts were then used to spread the phishing lure further, amplifying the reach of the campaign.
Scope of Compromise
This incident highlights a growing trend where cybercriminals exploit reputable cloud platforms to host malicious infrastructure. While no specific CVE has been assigned to this campaign, it serves as a critical reminder for users to enable multi-factor authentication on their social media accounts. Users should also be cautious of any unsolicited login prompts, even if they appear to come from a legitimate service like Google.
Implications and Trends
Facebook has stated they are investigating the campaign and are working to remove the malicious AppSheet applications. Users are advised to review their account activity log and change passwords if they suspect any unauthorized access. Organizations should also consider updating their security policies to block or flag applications originating from no-code platforms that request sensitive credentials.
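The policy suggested above can be sketched as a mail-filter heuristic that ignores domain reputation and instead flags a message when it names a brand, asks for credentials, and links to a hosted no-code app rather than to the brand's own site. This is an added example, not code from the original report; the host list, brand domains, lure terms and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not from the article): tune all three lists for your environment.
HOSTED_APP_SUFFIXES = ("appsheet.com",)  # hosts you treat as no-code platforms
BRAND_DOMAINS = {"facebook": ("facebook.com", "fb.com", "meta.com")}
LURE_TERMS = ("log in", "login", "sign in", "password", "verify your account")

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

# Constructed sample messages; the app id is a placeholder.
PHISH = ("Facebook Support: your page violates policy. Verify your account "
         "and log in here: https://www.appsheet.com/start/EXAMPLE-APP-ID")
BENIGN = "Your inventory app is ready: https://www.appsheet.com/start/EXAMPLE-APP-ID"

def host_in(host, suffixes):
    """True if host equals a suffix or is a subdomain of it (label boundary)."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def assess(text):
    """Return a list of findings; an empty list means nothing to flag."""
    lowered = text.lower()
    hosts = [urlsplit(u).hostname or "" for u in URL_RE.findall(text)]
    platform_hosts = [h for h in hosts if host_in(h, HOSTED_APP_SUFFIXES)]
    if not platform_hosts:
        return []  # no hosted-app link: out of scope for this check
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        # Brand is named, yet no link leads to the brand's own domains.
        if brand in lowered and not any(host_in(h, domains) for h in hosts):
            findings.append(
                f"mentions {brand} but links to hosted app on {platform_hosts[0]}")
    lure = [t for t in LURE_TERMS if t in lowered]
    if findings and lure:
        findings.append("credential lure terms: " + ", ".join(lure))
    return findings

if __name__ == "__main__":
    for name, msg in (("PHISH", PHISH), ("BENIGN", BENIGN)):
        print(name, assess(msg))
```

A non-empty result is a reason to quarantine or banner the message for review, not proof of phishing; ordinary notifications from the platform return an empty list.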
Source: Over 30,000 Facebook Accounts Compromised in Google AppSheet Phishing Attack

