Intrusions exploiting Google Cloud infrastructure have been launched by Latin America-based threat operations FLUXROOT and PINEAPPLE, The Hacker News reports.
FLUXROOT exploited Google Cloud container URLs to establish phishing pages distributing the Grandoreiro banking trojan, which proceeded to exfiltrate credentials from widely used LatAm online payments platform Mercado Pago, according to Google's Threat Horizons Report. On the other hand, attacks by PINEAPPLE involved the utilization of breached Google Cloud instances and self-created Google Cloud projects to facilitate the establishment of container URLs for sites that deployed the Astaroth information-stealing malware, also known as Guildma, against Brazilian users, noted Google, which has already removed the attackers' Google Cloud projects and issued a Safe Browsing list update to prevent further compromise. "Threat actors take advantage of the flexibility and ease of deployment of serverless platforms to distribute malware and host phishing pages. Threat actors abusing cloud services shift their tactics in response to defenders' detection and mitigation measures," said Google.