- These attacks make use of SSL certificates issued by Appspot.com and Web.app.
- The attackers have designed similar-looking login pages for the domains which are widely used in business. These fake login pages can be used to trick the victims and steal their Usernames and Passwords
About domains
Appspot.com is a cloud computing platform used for developing and hosting web applications in Google-managed data centers. On the other hand, Web.app is a mobile platform used for building mobile apps hosted by Firebase.
The attack scenario
- According to the researchers the attackers make use of SSL certificates issued by appspot.com which is service apps from Google Cloud Platform (GCP) and web.app which service apps from Google Firebase
- These attackers have designed similar-looking login pages for the domains which are widely used in business and individuals.
- The purpose of these pages is to capture login credentials which are later sent to a remote server controlled by attackers.