Sign up for The Paypers newsletter Follow The Paypers on LinkedIn Follow The Paypers on Twitter Follow The Paypers on Facebook
The Paypers, paypers, Insight in payments, News, Reports, Events
 advertisement
Digital Identity, Security & Online Fraud

Security alert: Google used for malware command by Carbanak gang

Thursday 19 January 2017 | 12:33 PM CET

Cybersecurity experts have spotted Carbanak cybergang using Google for its malware command-and-control channel.

Since Google is likely to be more successful than using newly created domains or domains with no reputation, the cybercrime group is using Google as an independent command and control channel, Forcepoint Security Labs researchers said for SC Magazine.

The group, also known as Anunak, has recently been spotted using weaponized office documents hosted on mirrored domains, in order to distribute malware, according to a Jan. 17 Forcepoint blog post.

Each time a user is infected, a unique Google Sheets spreadsheet is dynamically created in order to manage each victim. The legitimate use of third party services like Google allow the attacker to hide in plain site because it is unlikely that organization will block Google by default.

This makes it more likely for the attackers to successfully establish command and control channels, researchers said in the post.

Furthermore, Forcepoint Security Labs researcher Nicholas Griffin told SC Media that as far as he knows, Google has been made aware of the incident and are investigating and tracking the group.

Commenting on this John Gunn, VASCO Data Security said, “the result of this arms race is that, increasingly, the area of greatest vulnerability is the human factor. There is no patch for gullibility that can protect users from social engineering attacks. This is typically the first step in these types of attacks, and this will continue to compromise millions of users.”

More: Link
 advertisement
 advertisement
 advertisement
 advertisement