Hacking group uses Google services to control malware

Hacking group uses Google services to control malware

by Sead Fadilpasic, betanews

Carbanak, a powerful cyber-crime group, is using certain Google services as command and control for its malware and other malicious elements. The news was released by cybersecurity firm Forcepoint this week.

Forcepoint uncovered a trojanized RTF document, which, once ran, will “send and receive commands to and from Google Apps Script, Google Sheets, and Google Forms services.”

Each infected user gets a unique Google Sheets spreadsheet, allowing the attackers to “manage” each victim. This approach allows the group two key advantages. One, it allows them to hide in plain sight, and, two, it’s highly unlikely that organizations will be blocking Google services by default, meaning the C&C can be set up successfully.

Forcepoint said it doesn’t know how many of these C&C channels were open, but it did notify Google.

Read the full article here…

How did you like this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.


Leave a Reply