Google Cloud projects are being hijacked for phishing campaigns

Multiple hacking collectives in Latin America were observed abusing Google Cloud’s infrastructure in their phishing attacks, the company has confirmed.

In its biannual Threat Horizons Report, Google said at least two threat actors, FLUXROOT and PINEAPPLE, abused Google Cloud as part of their infrastructure.

FLUXROOT was running a phishing campaign to steal login credentials for Mercado Pago, a popular online payments platform for the Latin America region. In its campaign, the threat actor was using Google Cloud container URLs to host the phishing pages, the company said.

PINEAPPLE and Astaroth

“Serverless architectures are attractive to developers and enterprises for their flexibility, cost effectiveness, and ease of use,” Google said in its writeup. “These same features make serverless computing services for all cloud providers attractive to threat actors, who use them to deliver and communicate with their malware, host and direct users to phishing pages, and to run malware and execute malicious scripts specifically tailored to run in a serverless environment.”

Previously, FLUXROOT was seen distributing the Grandoreiro banking trojan.

PINEAPPLE, on the other hand, was using Google Cloud to distribute Astaroth (AKA Guildma), a popular infostealer malware.

“PINEAPPLE used compromised Google Cloud instances and Google Cloud projects they created themselves to create container URLs on legitimate Google Cloud serverless domains such as cloudfunctions[.]net and run.app,” Google explained. “The URLs hosted landing pages redirecting targets to malicious infrastructure that dropped Astaroth.”

In response to these campaigns, the company took down the malicious Google Cloud projects, and updated its Safe Browsing list.

“Threat actors take advantage of the flexibility and ease of deployment of serverless platforms to distribute malware and host phishing pages,” the company concluded. “Threat actors abusing cloud services shift their tactics in response to defenders’ detection and mitigation measures.”

Via The Hacker News

More from TechRadar Pro

https://cdn.mos.cms.futurecdn.net/6tqRVDq2EAcaFcNtDomiCe-1200-80.jpg

Source link

SiriusXM app review: an audio streaming service with something for everyone

How to watch Tottenham vs Aston Villa live stream EPL 2024

Are online dating and data privacy an incompatible match?

Cyberpunk 2077 will be the biggest test for Mac gaming yet

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

Trump vs. Harris: How the election will affect EV adoption

Lumwana’s Super Pit Expansion Officially Launched By Investing.com

How Biden could use a 1947 law to suspend the dockworkers’ strike

Why your Roth IRA conversions could have ‘unintended’ tax consequences

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Google Cloud projects are being hijacked for phishing campaigns

SiriusXM app review: an audio streaming service with something for everyone

How to watch Tottenham vs Aston Villa live stream EPL 2024

Are online dating and data privacy an incompatible match?

Cyberpunk 2077 will be the biggest test for Mac gaming yet