Attackers are abusing Google’s Apps Script business application development platform to steal credit card information submitted by customers of e-commerce websites while shopping online.
Interesting report highlighting how Google Apps Script is being exploited as a vector to skim card data. The post is worth reading for more details but in short the script.google.com address for webapps is being used as a trusted domain to avoid detection. The post also mentions how Google Analytics is being used for a similar exploit. How this will all play out is yet to be seen.
Source: Hackers abuse Google Apps Script to steal credit cards, bypass CSP
Member of Google Developers Experts Program for Google Workspace (Google Apps Script) and interested in supporting Google Workspace Devs.