Hackers Weaponise Google Appsheet To Bypass Email Defences - Arabian Post
The cybersecurity community is confronting a highly evolved phishing campaign that exploits Google's no-code AppSheet platform to harvest credentials and two-factor authentication codes. Attackers are sending authentic-looking emails from the legitimate address noreply@appsheet.com (circumventing common defences such as SPF, DKIM and DMARC) and impersonating Meta to pressure users into submitting sensitive data. On 20 April 2025, AppSheet-originated emails made up 10.88 percent of all phishing attempts intercepted by KnowBe4 Defend, with 98 percent mimicking Meta and the remainder posing as PayPal.
These counterfeit communications are crafted with precise Meta branding and dramatise account deletion threats, deploying a 24-hour deadline and unique “Case ID” polymorphic identifiers, making each email distinct and harder to flag through static detection rules. Clicking the embedded “Submit an Appeal” link takes recipients to a convincing phishing page hosted on Vercel, complete with animated logos and a mirrored Meta interface. Users are prompted to enter their credentials and 2FA codes twice under the false pretext of an error, a tactic that simultaneously increases data accuracy and induces confusion.
The phishing site functions as a man-in-the-middle proxy, relaying credentials and 2FA codes in real time to Meta. This allows attackers to hijack sessions and bypass multi-factor authentication entirely.
“Weaponise Google AppSheet” thus captures this attack's essence: abuse of a trusted, legitimate development tool to deliver phishing at scale, bypassing conventional defences and enabling sophisticated session compromise.
This campaign typifies a growing threat trend: exploitation of trusted cloud and workflow platforms (such as Microsoft, Google Forms, QuickBooks and Telegram) to evade security filters and manipulate user trust. Traditional email gateways, including Microsoft 365 defences, struggle to counteract these nuanced threats.
In response, organisations are increasingly turning to integrated, AI-powered email security tools that assess message intent over sender legitimacy. Platforms like KnowBe4 Defend, which incorporates threat awareness training and real-time email analysis, are being adopted alongside simulated phishing exercises that educate users about real attacks.
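A minimal sketch of judging intent rather than sender legitimacy, added here as an illustration and not taken from the article or any vendor product: it flags a message that passes DMARC as AppSheet yet names another brand, links off that brand's domains and carries a deadline threat, and it masks the polymorphic Case ID so copies of one template compare equal. The brand table, regexes, header layout and sample message are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed policy tables for this example (not taken from the article).
BRAND_DOMAINS = {"meta": {"meta.com", "facebook.com"}, "paypal": {"paypal.com"}}
RELAY_SENDERS = {"appsheet.com"}  # platforms whose mail authenticates for any tenant
URGENCY = re.compile(r"within 24 hours|account will be deleted", re.I)
CASE_ID = re.compile(r"(case id[:\s#]*)[A-Z0-9-]{6,}", re.I)
URL = re.compile(r"https?://[^\s\"'>]+")

def registrable(host):
    # Naive last-two-labels approximation; use a public-suffix list in production.
    return ".".join(host.lower().split(".")[-2:])

def normalise(text):
    """Mask the per-message Case ID so copies of one template compare equal."""
    return CASE_ID.sub(r"\1<ID>", text)

def assess(raw):
    """Return the reasons a message looks like brand impersonation via a relay."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = registrable(parseaddr(msg["From"])[1].rpartition("@")[2])
    dmarc_pass = "dmarc=pass" in (msg.get("Authentication-Results") or "").lower()
    links = {registrable(urlparse(u).hostname or "") for u in URL.findall(body)}
    reasons = []
    for brand, owned in BRAND_DOMAINS.items():
        if re.search(rf"\b{brand}\b", body, re.I) and sender not in owned:
            reasons.append(f"names {brand} but is sent from {sender}")
            if links - owned:
                reasons.append(f"links leave {brand}: {sorted(links - owned)}")
    if URGENCY.search(body):
        reasons.append("deadline or deletion threat")
    if reasons and dmarc_pass and sender in RELAY_SENDERS:
        reasons.append("passes DMARC only as the relay platform")
    return reasons

def sample(case_id):
    # Constructed message; the link host is a reserved-TLD stand-in for the phishing page.
    return ("From: Meta Support <noreply@appsheet.com>\n"
            "Authentication-Results: mx.example; spf=pass; dkim=pass; dmarc=pass\n"
            "Subject: Action required\n\n"
            "Your Meta account will be deleted within 24 hours.\n"
            f"Case ID: {case_id}\n"
            "Submit an Appeal: https://appeal.hosting.example/case\n")
```

An ordinary AppSheet notification that names no brand and carries no threat returns an empty list, so the relay sender alone is never the trigger.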