Threat actors are abusing the Google Sites file cabinet template as a malware delivery channel and using SQL as the exfiltration channel to send the stolen data to a remote host. Google Sites allows anyone to create simple websites that support collaboration between different publishers. You can create a site to "store" documents, images, PDFs, presentations or any other digital file with the file cabinet template. Since the malware is delivered by a trusted provider, the attack's infection ratio would be very high. Other Google services such as Gmail block malicious uploads, but the Google Sites file cabinet template does not block malicious files from being uploaded.

In this case, researchers detected the banking Trojan as Win32.LoadPCBanker.Gen, with the malware being delivered from the following Google Sites URL: https://sites.google[.]com/site/detailsreservations/Reserva-Manoel_pdf.rar?attredirects=0&d=1.
Google Sites hosting malware
Threat actors who use Google's "Recent Site Activity" option include a malicious file attachment with the name "Reserva Manoel." Attackers using classic Google Sites use the file upload template to create a website and generate malicious URLs that are then shared with the targeted victims.

Delivery mechanism of the malware using Google Sites
The malicious URL hosting the LoadPCBanker malware on Google Sites drops the first-stage downloader once the file is executed. The first-stage downloader then drops the next-stage payloads from a file hosting site. According to Netskope's analysis, the RAR file "Reserva-Manoel_pdf.rar" contains an executable named "PDF Reservations Details MANOEL CARVALHO hospedagem familiar detalhes PDF.exe". The file name translates from Portuguese to English as "PDF Reservations Details MANOEL CARVALHO guest house details PDF.exe", indicating that the likely targets are Brazilian or other Portuguese-speaking users. The next-stage payloads are Otlook.exe and cliente.dll, and libmySQL50.DLL is a MySQL client library used to exfiltrate victim data to the remote host.
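The delivery URL above has a recognisable shape: a file cabinet attachment under sites.google.com/site/ requested with the direct-download parameters attredirects=0&d=1, resolving to an archive whose name mimics a PDF. The following detection logic is an added example written for this article, not code from the article or from Netskope; the proxy log lines are constructed, and the rule treats attredirects=0&d=1 as the direct-download marker simply because that is what the observed URL carried.

```python
import re
from urllib.parse import urlparse, parse_qs
from posixpath import splitext

# Constructed sample proxy log lines (not real telemetry); format: time client method url.
SAMPLE_LOG = """\
2019-04-10T12:00:01Z 10.0.0.5 GET https://sites.google.com/site/detailsreservations/Reserva-Manoel_pdf.rar?attredirects=0&d=1
2019-04-10T12:00:02Z 10.0.0.6 GET https://sites.google.com/site/teamwiki/home
2019-04-10T12:00:03Z 10.0.0.7 GET https://sites.google.com/site/teamwiki/Q1-report.pdf?attredirects=0&d=1
2019-04-10T12:00:04Z 10.0.0.8 GET https://sites.google.com/site/teamwiki/tools.zip?attredirects=0&d=1
"""

# Archive and executable types that a "document" link should never resolve to.
RISKY_EXT = {".rar", ".zip", ".7z", ".exe", ".scr", ".js", ".vbs", ".lnk"}
# A document-type word ending the stem (e.g. "Reserva-Manoel_pdf") hints at a lure name.
DOC_LURE = re.compile(r"(pdf|docx?|xlsx?|pptx?)$", re.IGNORECASE)


def classify_url(url):
    """Return the reasons a URL looks like a Google Sites file-cabinet malware
    download, or an empty list if it looks benign."""
    p = urlparse(url)
    if p.hostname != "sites.google.com" or not p.path.startswith("/site/"):
        return []
    q = parse_qs(p.query)
    # attredirects=0&d=1 is the direct-download form of a file-cabinet attachment link.
    direct = q.get("attredirects") == ["0"] and q.get("d") == ["1"]
    stem, ext = splitext(p.path.rsplit("/", 1)[-1])
    reasons = []
    if direct and ext.lower() in RISKY_EXT:
        reasons.append(f"direct download of {ext.lower()} from file cabinet")
        if DOC_LURE.search(stem):
            reasons.append("document-like name on an archive/executable")
    return reasons


def scan_log(text):
    """Return (client, url, reasons) for every log line that trips a rule."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines rather than crash the scan
        client, url = parts[1], parts[3]
        reasons = classify_url(url)
        if reasons:
            hits.append((client, url, reasons))
    return hits
```

Both the .rar and the .zip downloads are flagged; the .rar additionally carries the lure-name reason, which is the signal worth prioritising for triage.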

Attack kill chain of LoadPCBanker
In addition, the next-stage payload collects screenshots, clipboard data and the victim's keystrokes. Finally, Netskope says the malware uses SQL as an exfiltration channel to send the victim's data to the server.