A banking trojan is a type of malware that targets the victim’s financial services. It can steal banking credentials and financial information to gain access to those services. This malware hides under the camouflage of useful software or fake websites. In recent months, banking trojan attacks have risen, as reports by Cisco Talos and ThreatFabric suggest. Hackers are using Google services to spread the trojans in Europe and Latin America.
Abusing Google Services to run and distribute trojans
This month, ThreatFabric, a company that provides online payment fraud solutions and intelligence for the financial services sector, signaled the rise of the Anatsa trojan in Europe and beyond. The company’s Mobile Threat Intelligence team has detected five consecutive Anatsa campaigns since November 2023. The team identified five Android apps in the Google Play Store acting as droppers, which have been downloaded over 100,000 times. These apps abuse the AccessibilityService of the Android operating system.
Around the same time, Cisco Talos also published an article showing that hackers are using Google Cloud Run to distribute the Astaroth, Mekotio, and Ousaban trojans. The company has noticed a significant increase in emails associated with these trojan campaigns since September 2023.
Cloud Run lets users build and deploy web services from Google Cloud. It offers a dashboard with graphs and options similar to Traffic Distribution Systems commonly used by malware distributors. The system also offers an Application Programming Interface that allows rapid automated deployment of web services. Unfortunately, hackers are abusing the Cloud Run services to distribute a large volume of malware.
The past few years have shown the importance of cybersecurity, and these campaigns are no different, especially since they involve the finances of users. The reports from Cisco Talos and ThreatFabric have alerted users and bank authorities to take the necessary steps to prevent malware attacks.
Photo credit: The feature image is symbolic and has been done by Tima Miroshnichenko.
