Cybercriminals Exploit Google Cloud Run in Extensive Banking Trojan Scheme

 

Security experts have issued a warning about hackers exploiting Google Cloud Run to distribute significant amounts of banking trojans such as Astaroth, Mekotio, and Ousaban.
Google Cloud Run lets users deploy services, websites, or applications without managing the underlying infrastructure or handling scaling themselves.
Since September 2023, researchers from Cisco Talos have observed a notable surge in the misuse of Google’s service for spreading malware. Brazilian actors initiated campaigns that use MSI installer files to distribute malware payloads. According to the researchers’ findings, cybercriminals are increasingly drawn to Google Cloud Run because of its cost efficiency and its ability to circumvent conventional security measures.
The attack methodology typically begins with phishing emails sent to potential victims, disguised to resemble authentic communications such as invoices, financial statements, or messages from local government and tax authorities. While most emails in these campaigns are in Spanish to target Latin American countries, some also use Italian. These emails contain links that redirect to malicious web services hosted on Google Cloud Run.
In certain instances, the malware payload is delivered through MSI files, while in others, the service redirects to a Google Cloud Storage location, housing a ZIP archiv

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
