The campaign uses Google AppSheet and Netlify to host convincing fake login pages while Telegram silently forwards captured credentials to attackers.
Phishing Infrastructure Leveraging Trusted Platforms
Attackers are exploiting widely used platforms such as Google AppSheet, Netlify, and Telegram to carry out a Facebook credential phishing campaign. By hosting phishing pages on AppSheet, an application building tool, and using Netlify for rapid page deployment, the campaign leverages the inherent trust associated with these legitimate services. The use of Telegram serves as a command and control channel to exfiltrate stolen credentials in real time, making detection more difficult for traditional security tools.
Impact and Scope
The campaign specifically targets Facebook users by sending messages that mimic official account alerts, urging victims to log in on a fake portal. While no specific CVEs are associated with this attack, it highlights a growing trend: threat actors repurposing popular cloud and messaging platforms for malicious ends. Users should enable multi factor authentication on their Facebook accounts and remain skeptical of unsolicited login prompts. The abuse of trusted third party services makes it challenging for organizations to block such threats without disrupting normal business operations.
Source: Cyber Security News
