Google Cloud projects are being hijacked for phishing campaigns

Multiple hacking collectives in Latin America were observed abusing Google Cloud’s infrastructure in their phishing attacks, the company has confirmed.

In its biannual Threat Horizons Report, Google said at least two threat actors, FLUXROOT and PINEAPPLE, abused Google Cloud as part of their infrastructure.

FLUXROOT was running a phishing campaign to steal login credentials for Mercado Pago, a popular online payments platform for the Latin America region. In its campaign, the threat actor was using Google Cloud container URLs to host the phishing pages, the company said.

PINEAPPLE and Astaroth

“Serverless architectures are attractive to developers and enterprises for their flexibility, cost effectiveness, and ease of use,” Google said in its writeup. “These same features make serverless computing services for all cloud providers attractive to threat actors, who use them to deliver and communicate with their malware, host and direct users to phishing pages, and to run malware and execute malicious scripts specifically tailored to run in a serverless environment.”

Previously, FLUXROOT was seen distributing the Grandoreiro banking trojan.

PINEAPPLE, on the other hand, was using Google Cloud to distribute Astaroth (AKA Guildma), a popular infostealer malware.

“PINEAPPLE used compromised Google Cloud instances and Google Cloud projects they created themselves to create container URLs on legitimate Google Cloud serverless domains such as cloudfunctions[.]net and run.app,” Google explained. “The URLs hosted landing pages redirecting targets to malicious infrastructure that dropped Astaroth.”

In response to these campaigns, the company took down the malicious Google Cloud projects, and updated its Safe Browsing list.

“Threat actors take advantage of the flexibility and ease of deployment of serverless platforms to distribute malware and host phishing pages,” the company concluded. “Threat actors abusing cloud services shift their tactics in response to defenders’ detection and mitigation measures.”

Via The Hacker News

More from TechRadar Pro

https://cdn.mos.cms.futurecdn.net/6tqRVDq2EAcaFcNtDomiCe-1200-80.jpg

Source link

Celebrate Apple’s 50th birthday with these deals on watches and AirPods

ChatGPT comes to Apple CarPlay but only if you are willing to talk to a robot

7 new horror movies on Netflix, Shudder, HBO Max, and more in April 2026

7 new horror movies on Netflix, Shudder, HBO Max, and more in April 2026

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

10 Horror TV Shows & Movies To Watch After Something Very Bad Is Going To Happen

Russell Crowe’s WWII Thriller Is Still One of the Most Addictive War Dramas on Netflix

What is your Must Play Playstation Game you Recommend to People?

An Inspired Journey in Airbnb Wealth Creation – Hollywood Life

Trump says Iran war’s core objectives near completion

Oil Price Today (April 2): Oil jumps 5% to cross $106/barrel after Trump’s comments erase de-escalation hopes

ICC moves ahead with disciplinary proceedings against chief prosecutor Khan, WSJ reports

Positive Breakout: These 10 stocks cross above their 200 DMAs

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Google Cloud projects are being hijacked for phishing campaigns

Trump says Iran war’s core objectives near completion

10 Horror TV Shows & Movies To Watch After Something Very Bad Is Going To Happen

Oil Price Today (April 2): Oil jumps 5% to cross $106/barrel after Trump’s comments erase de-escalation hopes

Russell Crowe’s WWII Thriller Is Still One of the Most Addictive War Dramas on Netflix