430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Google Drive once again exploited in a sophisticated phishing attack

Cybercriminals and states-sponsored hackers are leveraging Google Drive site and other cloud storage to operate in a stealthy way and avoid detection. Cybercriminals and attackers are exploiting once again Google Drive infrastructure to avoid detection. The exploitation of Google Drive cloud storage by cyber criminals is not a novelty, a few days ago experts at […]

Google Drive once again exploited in a sophisticated phishing attack

Cybercriminals and states-sponsored hackers are leveraging Google Drive site and other cloud storage to operate in a stealthy way and avoid detection.

Cybercriminals and attackers are exploiting once again Google Drive infrastructure to avoid detection. The exploitation of Google Drive cloud storage by cyber criminals is not a novelty, a few days ago experts at TrendMicro detected uncovered a sophisticated  phishing campaign that was organized to syphon sensitive data from victims.

This time, cyber criminals have published a modified version of the legitimate Google Drive login page to steal email credentials from victims. The researchers consider the attack an improved version of the cyber attacks discovered early this year.

As usual the attacks starts with a phishing email containing a link to a bogus Google Drive site that allows victims to log in using different email services, including Yahoo and Hotmail.

fake google drive

Once the used logged in is redirected to a legitimate site by the phishing site, the landing document is legitim and is used to deceive victims int thinking that no suspicious activities are going on despite nothing in the content of the email references the “document”.

Analyzing the code of the page, the experts discovered the presence of the Chrome save tag, which indicates that phishers behind the campaign have saved the source of the legitimate Google Drive login page and added malicious cod

“e. And since this site recycled code from Google Drive, all the checkers for proper entries are still in place. The phishing site will only accept email addresses in the proper format (e.g., <accountname>@<serviceprovider>.com). This is a marked difference from the earlier phishing pages, which accepted anything, even gibberish.” states a blog post published by TrendMicro.

fake google drive 2

When victims click on the “Sign In” button, its credentials and data on mail service choose are sent to a specific URL. The attack seems to be effective also on mobile devices.

fake google drive 3

The phishing website used by the threat actors is a Chinese sports forum, that was probably compromised by the attackers. The experts speculated that that cybercriminals are using the stolen data to hit other victims and that the malicious campaign have been going on for at least three months.

Despite the level of awareness on phishing the technique is still very effective has explained in the last APWG report, for this reason be careful when open emails, even those from friends, and avoid clicking links that are embedded in the content.

Rolling over the mouse on the link you can vision the real URL associated to the link and check if the domain name has any typo error or different names from the legitimate website.

Do not be fooled by the use of the HTTPS protocol because the practice of use the HTTPs phishing is rapidly increasing.

Pierluigi Paganini

Security Affairs –  (Google Drive, cybercrime)