Cloud Security, Threat Intelligence

Google Cloud exploited in FLUXROOT, PINEAPPLE attacks

Share
Google Cloud sign outside headquarters

Intrusions exploiting Google Cloud infrastructure have been launched by Latin America-based threat operations FLUXROOT and PINEAPPLE, The Hacker News reports.

FLUXROOT exploited Google Cloud container URLs to establish phishing pages distributing the Grandoreiro banking trojan, which proceeded to exfiltrate credentials from widely used LatAm online payments platform Mercado Pago, according to Google's Threat Horizons Report. On the other hand, attacks by PINEAPPLE involved the utilization of breached Google Cloud instances and self-created Google Cloud projects to facilitate the establishment of container URLs for sites that deployed the Astaroth information-stealing malware, also known as Guildma, against Brazilian users, noted Google, which has already removed the attackers' Google Cloud projects and issued a Safe Browsing list update to prevent further compromise. "Threat actors take advantage of the flexibility and ease of deployment of serverless platforms to distribute malware and host phishing pages. Threat actors abusing cloud services shift their tactics in response to defenders' detection and mitigation measures," said Google.

An In-Depth Guide to Cloud Security

Get essential knowledge and practical strategies to fortify your cloud security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.