Spy Banker Trojan Being Hosted On Google Cloud

  /     /     /  
Publicated : 22/11/2024   Category : security


Spy Banker Trojan Being Hosted On Google Cloud


Spy Banker spreading through Brazil via malicious links posted on social networks.



The Spy Banker Trojan is spreading through Brazil through the help of Google and Facebook,
according to researchers at ZScaler ThreatLabZ
.
Attackers host the Spy Banker downloader on Google Cloud servers. The downloader, in turn, installs the payload Spy Banker Trojan Telax.
Victims are infected by drive-by download or led to it via links (shortened with the bit.ly URL shortener) posted on social networking sites -- 99 percent of the unsuspecting victims who clicked the link came through Facebook. The links claim to be for coupons or free software, including security software like Avast! anti-virus.
The Trojan has some stealthy capabilities. To stay out of the hands of security pros, one of the first things it does is check a machine for the presence of a virtual environment. It collects information about the anti-virus software running on the host machine and sends it back to the command-and-control server. It also contains both a 32-bit rookit and 64-bit rookit component.
This is not the first time Google is being used by attackers. In July, researchers discovered a phishing campaign that hosted malicious sites on Google Drive, and lured via phishing messages sent through Gmail. 

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Spy Banker Trojan Being Hosted On Google Cloud