A recently discovered phishing campaign has been targeting financial sector employees in the U.S. and UK with remote access trojan payloads stored on a Google Cloud Storage domain.

In a company blog post today, researchers from Menlo Security's Menlo Labs division report that the campaign seeks to infect PCs and other endpoints by tricking victims into clicking on malicious links that lead to .zip or .gz archive files hosted on storage.googleapis.com.

"Bad actors may host their payloads using this widely trusted domain as a way to bypass security controls put in place by organizations or built into commercial security products," the blog post explains. "It's an example of the increased use of 'reputation-jacking' – hiding behind well-known, popular hosting services to help avoid detection."