Security News > 2023 > August > Threat actors abuse Google AMP for evasive phishing attacks
Security researchers are warning of increased phishing activity that abuses Google Accelerated Mobile Pages to bypass email security measures and get to inboxes of enterprise employees.
Google AMP is an open-source HTML framework co-developed by Google and 30 partners to make web content load faster on mobile devices.
The idea behind using Google AMP URLs embedded in phishing emails is to make sure that email protection technology does not flag messages as malicious or suspicious due to Google's good reputation.
Data from anti-phishing protection company Cofense shows that the volume of phishing attacks employing AMP spiked spiked significantly towards mid-July, suggesting that threat actors may be adopting the method.
Cofense says the phishing actors who abuse the Google AMP service also employ a range of additional techniques that collectively help evade detection and increase their success rate.
The attackers used an extra redirection step, abusing a Microsoft.com URL to take the victim to a Google AMP domain and eventually to the actual phishing site.
News URL
Related news
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Samsung phone users under attack, Google warns (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Google fixes two Android zero-days used in targeted attacks (source)