Threat actors are abusing the Google Sites file cabinet template to deliver malware, and are using SQL as an exfiltration channel to send the stolen data to a remote server. Google Sites allows anyone to create simple websites that support collaboration between different editors. With the file cabinet template, you can create a site to "store" documents, projects, PDFs, presentations, or any other digital file. Since the malware is served by a trusted provider, the attack's infection rate would be very high. Other Google services such as Gmail block malicious uploads, but the Google file cabinet template does not block malicious files or prevent them from being uploaded.

In this case, researchers detected this banking Trojan as Win32.LoadPCBanker.Gen, and the malware is being delivered from the following Google Sites URL: https://sites.google[.]com/website/detailsreservations/Reserva-Manoel_pdf.rar?attredirects=0&d=1.

Google Sites hosted with malware

Checking Google's 'Recent Site Activity' option for the threat actors' site reveals a malicious file attachment with the name "Reserva Manoel." The attackers use classic Google Sites and its file upload template to create a website and generate malicious URLs that are shared with targeted victims.

Delivery mechanism of the malware using Google Sites

The malicious URL hosting the LoadPCBanker malware on Google Sites drops the first-stage parent downloader after execution. The first-stage downloader later drops the next-stage payloads from a file hosting website. According to Netskope's analysis, the RAR archive "Reserva-Manoel_pdf.rar" contains an executable, "PDF Reservations Details MANOEL CARVALHO hospedagem familiar detalhes PDF.exe". The file name translates from Portuguese to English as "PDF Reservations Details MANOEL CARVALHO guest house details PDF.exe", indicating that the likely targets are Brazilian or Portuguese-speaking users. The next-stage payloads are Otlook.exe and cliente.dll, and libmySQL50.DL is a MySQL library used to transmit victim data to the server.

Attack Kill Chain of LoadPCBanker

In addition, the next-stage payloads collect screenshots, clipboard data, and the victim's keystrokes. Finally, Netskope says the malware uses SQL as an exfiltration channel to send victim data to the server.