Google's Cloud Run Service Spreads Several Bank Trojans

Posted under: Web technologies
Date: 2024-02-21

Cisco Talos researchers have observed an increase in campaigns that use the Google Cloud Run service to spread banking malware, including the Astaroth, Mekotio, and Ousaban strains. The campaigns, which initially targeted Latin America, have now spread to Europe and North America. The attacks start with an email, often themed around invoices or financial documents and sometimes posing as a message from the local government tax agency in the targeted country. The emails contain malicious links that lead to threat actor-controlled Cloud Run web services. The Trojan is often delivered through a malicious Microsoft Installer served directly from the adversary's Google Cloud Run web service. The attackers deploy cloaking mechanisms to avoid detection, such as using geoplugin to redirect domains to a page that checks for proxies and crawlers and assigns a threat level based on the collected information.

Read more at: www.darkreading.com