Threat actors have been exploiting Google Accelerated Mobile Pages (AMP) in phishing campaigns as a new tactic to evade detection, according to cybersecurity firm Cofense. Google AMP is an open source HTML framework designed to improve mobile page performance. Attackers have been abusing a Google AMP feature that allows newly created pages to be hosted on Google AMP URLs, often using Google Analytics to track user interaction. These phishing attacks have been successful at bypassing secure email gateways and reaching their intended targets. The attackers have combined the use of Google AMP URLs with image-based phishing emails and URL redirection tactics to enhance their effectiveness.

Read more: https://www.securityweek.com/google-amp-abused-in-phishing-attacks-aimed-at-enterprise-users/