We have observed a significant increase in phishing campaigns abusing the no-code application platform Bubble.io. Attackers are leveraging the platform’s domain to create company-specific subdomains that serve as redirect hubs for credential theft and malware delivery.

Read more in our blog post about the full attack chain, from initial phishing emails to credential harvesting and remote access malware and about the infrastructure behind it: https://cirosec.de/en/news/abusing-bubble-io/

#Blog #Phishing #Malware #BubbleIO #CyberSecurity #nocode #CredentialHarvesting