Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
GTFire is a threat actor that leverages Google Firebase for hosting phishing pages and Google Translate to disguise malicious URLs, effectively bypassing security filters. The campaign employs a multi-step redirect chain to obscure the final phishing destination and utilizes All-in-1 PHP phishing scripts for rapid deployment and credential harvesting. Credentials are exfiltrated via URL parameters in a standard HTTP GET request, with minimal operational overhead.
No exploited CVEs have been attributed to this threat actor yet.
Browse CVE Database