Phishing sites on Firebase Storage. The lack of reaction by Firebase Team.
514 views
Skip to first unread message
CERT-GIB
Jan 5, 2021, 5:02:49 PM1/5/21
to Firebase Google Group
Good day!
Since December 2020, there has been no response from Firebase to our complaints about phishing sites aimed at stealing payment information from Internet users.
The phishing resources:
hXXps://hdcvacxaum[.]web[.]app/#bWFyY29zLnJhbWlyZXpAYmFub3J0ZS5jb20=
hXXps://piraeus-winbk[.]web[.]app
hXXps://winbank-piraeus[.]web[.]app/login
*** Please change [.] to . in the URL above.
hXXps://hdcvacxaum[.]web[.]app/#bWFyY29zLnJhbWlyZXpAYmFub3J0ZS5jb20=
hXXps://piraeus-winbk[.]web[.]app
hXXps://winbank-piraeus[.]web[.]app/login
*** Please change [.] to . in the URL above.
We also filled out forms several times
https://support.google.com/code/contact/cloud_platform_report?hl=en
https://safebrowsing.google.com/safebrowsing/report_general/
https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
https://firebase.google.com/support/troubleshooter/contact
The problem was also reported to US-CERT and GIST (Google Information Security Team).
But since then the problem is still relevant, we ask your help in suspending these sites. Also, please provide information on the correct method of abusing such phishing sites in the future.
Thank you for your cooperation and prompt attention to this matter.
Best Regards,
CERT-GIB
Phone: +7 (495) 988-00-40
E-Mail: s...@cert-gib.com
Web: group-ib.com/cert.html
jus...@google.com
Jan 7, 2021, 8:30:25 PM1/7/21
to Firebase Google Group
CERT-GIB, thanks for flagging this! These forms you submitted to are the right places: https://support.google.com/code/contact/cloud_platform_report?hl=en and https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
Unfortunately, Firebase is unable to remove content; it must be done through a process (which you've kicked off). The content is hosted on Google Cloud Storage and removals, in general, have to be done through those Cloud safety teams. I've let the team know that you reached out about these URLs.
Best,
Ke
CERT-GIB
Jan 26, 2021, 5:14:29 AM1/26/21
to Firebase Google Group
Good day!
However, we found a bunch of new phishing resources:
hXXp://home-bank-ing[.]web[.]app
hXXps://ing-belgique-bank[.]web[.]app/mise-%C3%A0-jour/Card-Reader
hXXp://belgique-ing[.]web[.]app
hXXps://belgique-ing[.]web[.]app/mise-%C3%A0-jour/Card-Reader
*** Please change [.] to . in the URL above.
As previously we have already written numerous complaints about these sites on firebase...@google.com and filled out mentioned required forms several times.
We also reported about the problem to compentent CERTs.
All in all, the situation repeats, we have not received any response, and the phishing is still alive. So since the problem is still relevant, we ask your help in suspending these sites.
Thank you for your cooperation and prompt attention to this matter.
--
Best Regards,
CERT-GIB
Phone: +7 (495) 988-00-40
E-Mail: s...@cert-gib.com
Web: group-ib.com/cert.html
We are glad to inform you that previously mentioned phishing resources are succesfully suspended.
hXXp://home-bank-ing[.]web[.]app
hXXps://ing-belgique-bank[.]web[.]app/mise-%C3%A0-jour/Card-Reader
hXXp://belgique-ing[.]web[.]app
hXXps://belgique-ing[.]web[.]app/mise-%C3%A0-jour/Card-Reader
*** Please change [.] to . in the URL above.
We also reported about the problem to compentent CERTs.
All in all, the situation repeats, we have not received any response, and the phishing is still alive. So since the problem is still relevant, we ask your help in suspending these sites.
Thank you for your cooperation and prompt attention to this matter.
--
Best Regards,
CERT-GIB
Phone: +7 (495) 988-00-40
E-Mail: s...@cert-gib.com
Web: group-ib.com/cert.html
пятница, 8 января 2021 г. в 04:30:25 UTC+3, jus...@google.com:
Ke Deng
Jan 26, 2021, 12:27:41 PM1/26/21
to fireba...@googlegroups.com
Hi there,
When were your reports submitted? Also, the firebase-removals@ alias will not be able to help with phishing. You can continue to fill out the Google Cloud forms -- those are the only forms that route phishing reports to the right team.
--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/6709f8cb-50c8-49e2-8fb8-a993d7c54040n%40googlegroups.com.
CERT GIB
Mar 5, 2021, 6:26:47 AM3/5/21
to Firebase Google Group
Good day!
hXXps://ing-belgique-bank[.]web[.]app/mise-%C3%A0-jour/Card-Reader
hXXp://belgique-ing[.]web[.]app
hXXps://belgique-ing[.]web[.]app/mise-%C3%A0-jour/Card-Reader
hXXp://belgique-ing[.]web[.]app
hXXps://belgique-ing[.]web[.]app/mise-%C3%A0-jour/Card-Reader
The resources are still available.
We have sent abuse reports enormous times. We filled out Google Cloud forms and didn't get reply. Could you get update about this resources since it's really vital cases.
We have sent abuse reports enormous times. We filled out Google Cloud forms and didn't get reply. Could you get update about this resources since it's really vital cases.
вторник, 26 января 2021 г. в 20:27:41 UTC+3, jus...@google.com:
Sam Stern
Mar 5, 2021, 11:08:06 AM3/5/21
to Firebase Google Group
Please don't send these messages to this group. This is a community group and not the right place to report or resolve abuse issues. As mentioned in the past you can contact support or Cloud Abuse to handle this.
- Sam
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/832b5352-5f51-42f4-9599-90bdddc5157cn%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages