google apps script

Google’s trusted scripting platform is the latest weapon in phishing arsenals, helping attackers craft convincing credential-stealing campaigns that evade traditional email filters. Cybercriminals are leveraging Google Apps Script, a legitimate tool in Google’s Workspace suite, to host phishing pages that appear trustworthy to both users and security systems. According to research by Cofense, attackers are disguising these pages as authentic login portals to trick users into submitting their credentials — all while operating under the umbrella of a trusted Google domain.