Unlimited Phishing Sites Are Created with a Google Platform

Phishing is a threat that affects many internet users. It is a method attackers use to steal all kinds of information, passwords or credentials: they pose as something legitimate, but it is actually a scam. In this article, we report on a new technique used to create unlimited phishing sites using a Google platform.

Attackers manage to create unlimited phishing sites

This new technique, recently discovered by a researcher, shows how Google’s App Engine domains can be abused to deliver phishing and malware without being detected by major business security products. It is one more way for attackers to bypass protection and achieve their goals.

Google App Engine is a cloud-based service platform for developing and hosting web applications on Google servers. Phishing, as we have seen on other occasions, also takes advantage of the cloud to infect victims. What is different this time is the way attackers use this platform to generate domains and routes.

As we have indicated, this makes it possible to create unlimited phishing sites. Attackers do this by creating a malicious application, which is assigned a subdomain, and then hosting phishing pages there. They can also use that app as a command and control server and to deliver the malware payload.

Due to its structure, a website can be easily blocked. That is, a cybersecurity professional could block traffic to and from a specific application simply by blocking requests to it. But this becomes more complicated in the case of Google’s App Engine, whose domain structure is different. A subdomain, in this case, does not only represent an application: it represents the version of an application, the service name, the project ID, and the region ID fields.

The most interesting point to note here is that if any of those fields are incorrect, Google App Engine will not display a 404 Not Found page, but will instead display the application’s ‘default’ page (a concept known as soft routing).

As indicated by the security researcher, requests are received by whatever version is configured for traffic on the target service. If the service you are targeting does not exist, the request is soft routed.

The researcher adds that if a request matches part of the hostname, but includes a service, version, or instance name that does not exist, the request is routed to the default service, which is essentially the hostname of the application. This means that there are many subdomain options to reach the malicious application.
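Because every variant resolves to the same application, a blocklist is more robust when it matches on the project ID rather than on the full hostname. The following Python code is an added example, not from the researcher or from Google; it assumes Google's documented `VERSION-dot-SERVICE-dot-PROJECT_ID.REGION_ID.r.appspot.com` hostname layout, and the project IDs, hostnames and function names are constructed for illustration.

```python
# Assumed hostname layout (Google's documented App Engine URL format):
#   VERSION-dot-SERVICE-dot-PROJECT_ID.REGION_ID.r.appspot.com
# plus the older form without a region: [...-dot-]PROJECT_ID.appspot.com

def project_id(hostname):
    """Return the App Engine project ID for an appspot.com host, else None."""
    labels = hostname.strip().rstrip(".").lower().split(".")
    if labels[-2:] != ["appspot", "com"]:
        return None                      # not an App Engine hostname
    labels = labels[:-2]
    if len(labels) >= 2 and labels[-1] == "r":
        labels = labels[:-2]             # drop REGION_ID and the literal "r"
    if not labels:
        return None
    # Version/service/instance prefixes are untrusted: soft routing means any
    # value there still reaches the app. Assumes IDs never contain "-dot-".
    return labels[-1].split("-dot-")[-1] or None


def blocked_hosts(hostnames, blocked_projects):
    """Return the hosts whose normalized project ID is on the blocklist."""
    return [h for h in hostnames if project_id(h) in blocked_projects]


def exact_matches(hostnames, exact_blocklist):
    """Naive comparison on the full hostname, shown for contrast."""
    return [h for h in hostnames if h.lower() in exact_blocklist]


# Constructed sample data: hypothetical project IDs and proxy-log hostnames.
SAMPLE_HOSTS = [
    "example-proj-123.uc.r.appspot.com",
    "v1-dot-default-dot-example-proj-123.uc.r.appspot.com",
    "nosuchver-dot-nosuchsvc-dot-example-proj-123.uc.r.appspot.com",
    "anything-dot-example-proj-123.appspot.com",
    "other-proj-456.ew.r.appspot.com",
    "example-proj-123.appspot.com.example.net",   # not an appspot.com host
]
BLOCKED_PROJECTS = {"example-proj-123"}
EXACT_BLOCKLIST = {"example-proj-123.uc.r.appspot.com"}

if __name__ == "__main__":
    print("exact-hostname matches:", len(exact_matches(SAMPLE_HOSTS, EXACT_BLOCKLIST)))
    for host in blocked_hosts(SAMPLE_HOSTS, BLOCKED_PROJECTS):
        print("blocked by project ID:", host)
```

On the sample data the exact-hostname list catches one request, while matching on the normalized project ID catches all four variants and leaves the unrelated project and the look-alike non-appspot host alone.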

All the details are in the security researcher's write-up, which shows how this method works.