Threat actors have been seen abusing Google Apps Script to launch convincing phishing attacks and steal people’s Microsoft 365 login details. Cybersecurity researchers Cofense recently spotted ...

“In short, Google Apps Script attacks may bypass local anti-phishing controls,” said Beggs, “however, the information that flags an attack remains present, and diligent users will be able to ...

Threat actors are abusing the trusted Google platform 'Google Apps Script' to host phishing pages, making them appear legitimate and eliminating the risk of them getting flagged by security tools.

For example, a teacher could have a Google Sheets file with student grades, and by using Google Apps Script, they would be able to send personalized emails automatically, saving hours of manual work.