By Bill Toulas
Publication Date: 2026-03-25 19:48:00
Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps.
Because the web app is hosted on a legitimate platform, email security solutions do not flag the link as a potential threat, allowing users to access the page.
Security researchers at Kaspersky say that threat actors are using the new method to redirect users to the actual phishing page, which is often mimicking a Microsoft login portal that is sometimes hidden behind a Cloudflare check.
Any credentials entered on these fake web pages are siphoned to the phishing actor, who may then use them to access email, calendar, and other sensitive data associated with Microsoft 365 accounts.
Source: Kaspersky
Bubble is a no-code AI-powered platform where users describe the app they want to build and then the platform automatically generates the backend logic and…
