After Microsoft Azure domains, threat actors are now eyeing on Google cloud domains to launch the latest phishing attacks. The affected domains are those that leverage Appspot.com and Web.app.
Appspot.com is a cloud computing platform used for developing and hosting web applications in Google-managed data centers. On the other hand, Web.app is a mobile platform used for building mobile apps hosted by Firebase.
How does the campaign work?