Cybercriminals have discovered a new method to bypass phishing detection systems by abusing Bubble, a legitimate no-code application building platform, to create and host malicious web applications targeting Microsoft account credentials. The attacks leverage Bubble's trusted domain reputation to evade security filters that would typically block known malicious sites.

The phishing campaigns specifically target Microsoft accounts, taking advantage of users' trust in professional-looking applications hosted on Bubble's platform. Security researchers have identified multiple instances where threat actors created convincing fake Microsoft login pages using Bubble's drag-and-drop interface, making the malicious sites appear legitimate to both users and automated security systems.

The attack vector exploits the inherent trust placed in established platforms like Bubble, whose domains are generally whitelisted by security solutions. When users encounter these fraudulent applications, they appear to be hosted on a reputable platform, reducing suspicion and increasing the likelihood of credential theft. The no-code nature of Bubble makes it particularly attractive to cybercriminals who lack advanced technical skills.

Microsoft and security vendors are working to identify and take down these malicious applications as they are discovered. Organizations are advised to implement additional layers of authentication, educate users about sophisticated phishing techniques, and consider stricter email filtering rules that scrutinize links to app-building platforms, even those with good reputations.
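
The filtering advice above, sketched as an added example (not from the original article or from any vendor): a Python rule that stops treating a reputable app-builder domain as an automatic pass and escalates when the message also carries Microsoft sign-in wording. The `bubbleapps.io` suffix, the lure word list and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosting suffixes of app-building platforms. "bubbleapps.io" is
# assumed here as Bubble's app-hosting domain; the article names no domain.
APP_BUILDER_SUFFIXES = ("bubbleapps.io",)
# Assumption: wording typical of a Microsoft sign-in lure.
LURE_TERMS = re.compile(
    r"microsoft|office\s*365|outlook|onedrive|sharepoint|sign[\s-]?in|password",
    re.I)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)


def host_of(url):
    """Lower-cased hostname without a trailing dot, or '' if unparsable."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""


def on_app_builder(host):
    """True only for the suffix itself or a real subdomain of it."""
    return any(host == s or host.endswith("." + s) for s in APP_BUILDER_SUFFIXES)


def score_message(subject, body):
    """Return (verdict, flagged_urls); verdict is pass, review or quarantine."""
    flagged = [u for u in URL_RE.findall(body) if on_app_builder(host_of(u))]
    if not flagged:
        return "pass", []          # this rule has no opinion; other filters still run
    if LURE_TERMS.search(subject + "\n" + body):
        return "quarantine", flagged
    return "review", flagged       # platform link alone: inspect, do not auto-trust


# Constructed sample messages (not taken from any real campaign).
SAMPLES = [
    ("Action required: Microsoft 365 password expires today",
     "Sign in to keep your mailbox: https://acct-verify.bubbleapps.io/login"),
    ("Prototype for Friday", "Demo lives at https://team-demo.bubbleapps.io/ for now."),
    ("Invoice", "See https://bubbleapps.io.example.net/microsoft-login"),
]

if __name__ == "__main__":
    for subject, body in SAMPLES:
        print(score_message(subject, body)[0], "-", subject)
```

The third sample shows why the suffix check is anchored on a label boundary: a host that merely contains the platform name is not treated as platform-hosted and is left to other rules.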