Google has revealed that several hacking groups in Latin America have been misusing its Cloud infrastructure for phishing attacks. According to the company’s latest Threat Horizons Report, at least two hacking collectives, known as FLUXROOT and PINEAPPLE, have been exploiting Google Cloud services.

FLUXROOT was found running a phishing campaign aimed at stealing login credentials for Mercado Pago, a major online payment platform in Latin America. This group used Google Cloud container URLs to host their fake phishing websites.

PINEAPPLE, on the other hand, was caught using Google Cloud to distribute Astaroth malware, also known as Guildma. This malware is designed to steal information. PINEAPPLE created and used Google Cloud projects to set up container URLs on legitimate Google Cloud serverless domains like cloudfunctions.net and run.app. These URLs hosted phishing landing pages that redirected victims to malicious sites where Astaroth was downloaded.

Google noted that serverless computing services, which are popular for their flexibility, cost-efficiency, and ease of use, are also attractive to cybercriminals. They leverage these services to run malware, direct users to phishing sites, and execute malicious scripts.

In response to these abuses, Google has removed the harmful Google Cloud projects involved and updated its Safe Browsing list to protect users. The company emphasized that hackers continually adapt their methods to bypass security measures, exploiting cloud services due to their convenient deployment features.
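For defenders, the two patterns described above (a brand-themed login page hosted on a serverless domain, and a serverless landing page that redirects to a download elsewhere) can be triaged from web-proxy logs. The sketch below is an added example, not code from Google's report or from the article; the log layout, the hostnames and the keyword list are constructed assumptions.

```python
from urllib.parse import urlsplit

# Serverless hosting suffixes named in the report summary above.
SERVERLESS_SUFFIXES = (".cloudfunctions.net", ".run.app")
# Assumption: brand strings the organisation chooses to watch for.
BRAND_KEYWORDS = ("mercadopago", "mercado-pago")

def is_serverless(host):
    """True if host sits under one of the serverless suffixes."""
    return host.lower().rstrip(".").endswith(SERVERLESS_SUFFIXES)

def triage(lines):
    """Return (client, url, reasons) for requests worth an analyst's look.

    Assumed line layout: timestamp client url status location ("-" if none).
    """
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed lines
        _ts, client, url, status, location = parts[:5]
        host = urlsplit(url).hostname or ""
        if not is_serverless(host):
            continue
        reasons = []
        # Brand name inside a serverless URL: possible credential phishing.
        if any(k in url.lower() for k in BRAND_KEYWORDS):
            reasons.append("brand-keyword")
        # 3xx from a serverless page to a different, non-serverless host.
        if status.startswith("3") and location != "-":
            target = urlsplit(location).hostname or ""
            if target and not is_serverless(target):
                reasons.append("redirect-offsite:" + target)
        if reasons:
            findings.append((client, url, reasons))
    return findings

# Constructed sample log lines (not real traffic or real indicators).
SAMPLE_LOG = [
    "2024-07-01T10:00:01Z 10.0.0.12 https://login-mercadopago-example-uc.a.run.app/signin 200 -",
    "2024-07-01T10:02:10Z 10.0.0.15 https://us-central1-example-proj.cloudfunctions.net/doc 302 https://downloads.example.net/file.zip",
    "2024-07-01T10:03:00Z 10.0.0.20 https://internal-api-example-uc.a.run.app/health 200 -",
    "2024-07-01T10:04:00Z 10.0.0.21 https://www.example.com/mercadopago 200 -",
    "2024-07-01T10:05:00Z 10.0.0.22 https://evilrun.app/mercadopago 200 -",
]

if __name__ == "__main__":
    for client, url, reasons in triage(SAMPLE_LOG):
        print(client, url, ",".join(reasons))
```

Legitimate internal services also live on these domains, so the output is a review queue rather than a blocklist; an allowlist of the organisation's own project hostnames would cut the noise.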

Via The Hacker News
