A recently discovered phishing campaign has been targeting financial sector employees in the U.S. and UK with remote access trojan payloads stored on a Google Cloud Storage domain.
In a company blog post today, researchers from Menlo Security's Menlo Labs division report that the campaign seeks to infect PCs and other endpoints by tricking victims into clicking on malicious links that lead to .zip or .gz archive files hosted on storage.googleapis.com.
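For defenders, the link pattern described above (an archive file served from storage.googleapis.com) can be surfaced in mail bodies or proxy logs for review. The following is an added example, not code from Menlo Labs or the article; the sample message, bucket names and function names are constructed, and a match is a triage signal rather than a verdict, since the domain also serves legitimate content.

```python
import re
from urllib.parse import urlsplit, unquote

# Host and archive extensions named in the article.
GCS_HOST = "storage.googleapis.com"
ARCHIVE_EXTS = (".zip", ".gz")

# Loose URL matcher for free text (mail bodies, proxy log fields).
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def is_gcs_archive_link(url):
    """True if url points at a .zip/.gz object on storage.googleapis.com."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 bracket
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    # Accept path-style (storage.googleapis.com/bucket/obj) and
    # virtual-hosted-style (bucket.storage.googleapis.com/obj) URLs only;
    # lookalikes such as storage.googleapis.com.example.test fail both checks.
    if host != GCS_HOST and not host.endswith("." + GCS_HOST):
        return False
    # Decode %-escapes and ignore the query string before checking the extension.
    path = unquote(parts.path).lower()
    return path.endswith(ARCHIVE_EXTS)


def flag_links(text):
    """Return matching URLs in order of first appearance, without duplicates."""
    seen, hits = set(), []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;")  # drop sentence punctuation
        if url not in seen and is_gcs_archive_link(url):
            seen.add(url)
            hits.append(url)
    return hits


# Constructed sample message body (not taken from the campaign).
SAMPLE = (
    "Please review: https://storage.googleapis.com/example-bucket/Remittance%20Invoice.ZIP?dl=1\n"
    "Mirror: https://example-bucket.storage.googleapis.com/transfer.tar.gz.\n"
    "Logo: https://storage.googleapis.com/example-bucket/logo.png\n"
    "Lookalike: https://storage.googleapis.com.example.test/a.zip\n"
    "Other host: https://example.test/report.zip\n"
)

if __name__ == "__main__":
    for hit in flag_links(SAMPLE):
        print("review:", hit)
```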
"Bad actors may host their payloads using this widely trusted domain as a way to bypass security controls put in place by organizations or built into commercially security products," the blog post explains. "It's an example of the increased use of 'reputation-jacking' – hiding behind well-known, popular hosting services to help avoid detection."