Skip to main content

Kaspersky warns of a new phishing technique leveraging Bubble, a no-code AI platform

31 March 2026

Kaspersky has discovered a new phishing tactic used to evade traditional security controls that exploits Bubble, a platform that allows users to build web and mobile applications through a visual interface without writing code. Attackers are increasingly adopting innovative tools designed for legitimate software development and repurposing them to boost phishing campaigns.

Traditional phishing attacks often rely on malicious links or obvious redirection techniques, which are typically flagged and blocked by modern security systems. However, attackers are now leveraging Bubble’s no-code environment to generate intermediary web applications which are hosted on Bubble’s legitimate infrastructure and trusted domains such as *.bubble.io, which improves their credibility and helps them bypass security filters. These applications function as disguised redirectors, silently forwarding victims to malicious credential-harvesting websites.

In the observed campaign, victims were ultimately redirected to a convincing imitation of a Microsoft login page, protected by a Cloudflare verification layer designed to further obscure malicious intent.

This technique is likely being integrated into broader phishing-as-a-service (PhaaS) platforms and phishing kits. These kits enable a wide range of malicious capabilities with ready-made tools, including real-time interception of session cookies, driving phishing campaigns through legitimate services such as Google Tasks and Google Forms, and carry out adversary-in-the-middle (AiTM) attacks that can bypass multi-factor authentication. They also support the generation of phishing emails using AI, implement geo-filtering and anti-detection mechanisms to evade security crawlers and are often hosted on reputable cloud services like AWS to avoid blacklisting.

“The use of legitimate platforms like Bubble introduces a new level of trust abuse, making it harder for both users and automated systems to distinguish between safe and malicious content. This significantly increases the likelihood of credential theft, unauthorised access and potential data breaches,” comments Roman Dedenok, Anti-Spam Expert at Kaspersky.

To be protected, Kaspersky recommends: 

  • Educate employees so that they understand that corporate credentials should only be entered on verified, official company platforms.
  • Deploy robust security solutions to block access to known and suspicious phishing destinations.
  • Implement advanced anti-phishing technologies at the email gateway to reduce exposure to malicious messages.
  • Stay updated on evolving attacker techniques and integrate threat intelligence into security operations.

Kaspersky warns of a new phishing technique leveraging Bubble, a no-code AI platform

Kaspersky has discovered a new phishing tactic used to evade traditional security controls that exploits Bubble, a platform that allows users to build web and mobile applications through a visual interface without writing code. Attackers are increasingly adopting innovative tools designed for legitimate software development and repurposing them to boost phishing campaigns.
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Innovating the industry with a Cyber Immunity approach, Kaspersky safeguards consumers, businesses, critical infrastructure, and governments from cyberthreats, with over a billion devices protected to date.

Kaspersky ensures Cybersecurity True to Business, focusing on providing clear outcomes, protecting revenue, easing workloads and preventing downtime. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services for organizations of every size, from small businesses to large enterprises, combining proven AI-driven protection technologies with simple management and expert support.

Recognized in independent tests and trusted by millions of individuals worldwide and nearly 200,000 organizations, Kaspersky helps detect threats earlier, respond faster and operate with greater confidence and freedom, protecting what matters most to our clients. Learn more at www.kaspersky.com.

Related Articles Press Releases