Hacker groups PINEAPPLE and FLUXROOT abuse Google Cloud for phishing credentials

By Admin | July 22, 2024

July 22, 2024Information hallCloud Security / Phishing Attack


A Latin America (LATAM)-based, financially motivated actor codenamed FLUXROOT has been observed using Google Cloud serverless projects to orchestrate credential phishing, highlighting the misuse of the cloud computing model for malicious purposes.

“Serverless architectures are attractive to developers and enterprises because of their flexibility, cost-effectiveness and ease of use,” Google said in its biennial Threat Horizons Report (PDF) shared with The Hacker News.

“These same features make serverless computing services for all cloud providers attractive to threat actors who use them to deliver and communicate their malware, host and direct users to phishing pages, launch malware and execute malicious scripts, specially designed to work in a serverless environment.”


The campaign involved using Google Cloud container URLs to host credential phishing pages that collect login information associated with Mercado Pago, an online payment platform popular in the LATAM region.

FLUXROOT, according to Google, is the threat actor known for distributing the Grandoreiro banking trojan, with recent campaigns also taking advantage of legitimate cloud services such as Microsoft Azure and Dropbox to distribute the malware.

Separately, Google’s cloud infrastructure was also weaponized by another adversary, named PINEAPPLE, to distribute another malware family known as Astaroth (aka Guildma) in attacks targeting Brazilian users.

“PINEAPPLE used compromised Google Cloud instances and self-created Google Cloud projects to create container URLs in legitimate Google Cloud serverless domains such as cloudfunctions(.)net and run.app,” Google said. “The URLs were hosted by landing pages that redirected targets to the malicious infrastructure that released Astaroth.”

Additionally, the attacker reportedly attempted to bypass email gateway protections in two ways: by using mail forwarding services that do not reject messages with failing Sender Policy Framework (SPF) records, and by including unexpected data in the SMTP Return-Path field to make the DNS query time out and cause the email authentication checks to fail.
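As an added example (not from Google's report or the original article), the following Python triage correlates the two behaviours described above: a message whose SPF check did not return an explicit pass, and a link to one of the serverless domains Google names. The gateway hostname `mx.recipient.example`, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Serverless domains named in Google's statement quoted above.
SERVERLESS_SUFFIXES = ("cloudfunctions.net", "run.app")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
SPF_RE = re.compile(r"\bspf=([a-z]+)", re.I)

def spf_result(msg, trusted_authserv):
    """SPF verdict recorded by our own gateway, or 'missing' if it left none."""
    for value in msg.get_all("Authentication-Results", []):
        # Trust only headers stamped by our gateway; upstream copies can be forged.
        authserv = (value.split(";", 1)[0].split() or [""])[0].lower()
        match = SPF_RE.search(value)
        if authserv == trusted_authserv and match:
            return match.group(1).lower()
    return "missing"

def serverless_links(msg):
    """Hostnames found in text parts that sit under a serverless suffix."""
    hosts = set()
    for part in (p for p in msg.walk() if p.get_content_maintype() == "text"):
        charset = part.get_content_charset() or "utf-8"
        body = (part.get_payload(decode=True) or b"").decode(charset, "replace")
        for url in URL_RE.findall(body):
            try:
                host = (urlsplit(url).hostname or "").lower()
            except ValueError:  # malformed URL, nothing to extract
                continue
            if any(host.endswith("." + s) for s in SERVERLESS_SUFFIXES):
                hosts.add(host)
    return sorted(hosts)

def triage(raw, trusted_authserv="mx.recipient.example"):
    msg = message_from_string(raw)
    spf, links = spf_result(msg, trusted_authserv), serverless_links(msg)
    # Not an explicit pass (fail, softfail, temperror on DNS timeout, or no verdict) + link.
    return {"spf": spf, "links": links, "flag": spf != "pass" and bool(links)}

# Constructed sample message (not real traffic); hostnames are placeholders.
SUSPECT = """\
Authentication-Results: mx.recipient.example; spf=temperror smtp.mailfrom=forwarder.example
Authentication-Results: relay.forwarder.example; spf=pass smtp.mailfrom=forwarder.example
Subject: Account notice

Review your account: https://portal-abc123-uc.a.run.app/verify
"""
```

The flag is a review signal, not a verdict: legitimate applications are also served from these domains, so it is best used to prioritise messages for analysis.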

The search giant said it took steps to mitigate the activity by removing the malicious Google Cloud projects and updating its Safe Browsing lists.

The weaponization of cloud services and infrastructure by threat actors, ranging from illicit cryptocurrency mining as a consequence of weak configurations to ransomware, has been fueled by the increased adoption of the cloud across industries.

Additionally, this approach has the added benefit of allowing adversaries to blend in with normal network activity, which makes detection much more difficult.

“Threat actors are taking advantage of the flexibility and ease of deployment of serverless platforms to distribute malware and host phishing pages,” the company said. “Threat actors abusing cloud services are changing their tactics in response to the detection and mitigation measures defenders are taking.”
