Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns
(blog.talosintelligence.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 22 Feb 2024 12:14
https://sh.itjust.works/post/15030666
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 22 Feb 2024 12:14
https://sh.itjust.works/post/15030666
Cisco Talos researchers have reported an alarming rise in banking malware campaigns exploiting Google Cloud Run, with evidence of spread from Latin America to Europe and North America. The attacks, which began in September 2023, involve phishing emails with themes like invoices or tax documents, sometimes impersonating local tax agencies. These emails contain links to malicious Cloud Run web services that deploy banking Trojans such as Astaroth, Mekiotio, and Ousaban. Attackers use evasion techniques like geoplugin to avoid detection. The Astaroth variant has targeted over 300 institutions in 15 Latin American countries, primarily from Brazil. No specific CVEs are mentioned.
IOCs: github.com/…/google-cloud-run-abuse.txt
threaded - newest