Cyber Criminals abuse Google Cloud Run - targets crypto

[cryptomaniac_xxx]

There is a group of hackers right now that are abusing the Google Cloud Run.

Cloud Run is a managed compute platform that lets you run containers directly on top of Google's scalable infrastructure.

https://cloud.google.com/run/docs/overview/what-is-cloud-run

And with that, hackers are using this services and include it in their emails. Mostly the originator of this emails comes from or the target is Spanish and other LAT-AM countries,



And this is a sample copy of an email that the hackers are sending to trap their victims,



And just like any other malwares and trojans, it just used to be attacking banking applications but they have evolved so much in the following years and now crypto is also in their cross hairs. Here are the list of crypto exchanges and wallets,



The malware goes by so many names now as it has been evolving and cyber groups improving it to extend their targets. Most of infection is thru email, so the basic security practice should be used here like not clicking any links from unknown sources.

Find in-depth resources on: https://blog.talosintelligence.com/google-cloud-run-abuse/

[1714603912]

1714603912

[Dave1]

I have read recently of another malware that targeted Latin American countries or those Spanish speaking nations. I don't know maybe there are a lot banks from that region that are really susceptible to banking malwares and trojans and then completely evolved to hit cryptocurrencies as well. So it's really a threatening crypto universe that we navigate as everyone is a target.

And if as much as we think that this groups are going to stop, no, as long as they can make easy money, they will continue what they know best. So yes, the first lesson for every crypto enthusiast is not to trust anything specially links from unknown sources.

[hugeblack]

No open source wallet was mentioned, and some of these services stopped working, such as LBC and Paxful, so I think that the hackers added cryptocurrencies to their list of targets, while their real target was user data and banking data.

In general, it is better to check several times before clicking on an email and use email addresses aliases^[1], as you avoid publishing your email address publicly and you can stop redirection from aliases whenever you want.

[1] https://proton.me/blog/what-is-email-alias

[ABCbits]

Thanks for sharing the link.

The emails contain hyperlinks to Google Cloud Run, which can be identified due to the use of run[.]app as the top-level domain (TLD).

Since that domain owned by google, i'm curious whether email spam filter simply deemed all subdomain under it as non-malicious website.

No open source wallet was mentioned, and some of these services stopped working, such as LBC and Paxful, so I think that the hackers added cryptocurrencies to their list of targets, while their real target was user data and banking data.

Personally i'd speculate creator of the malware assume people who use open-source wallet have better security awareness.

[promise444c5]

There is a group of hackers right now that are abusing the Google Cloud Run.



And just like any other malwares and trojans, it just used to be attacking banking applications but they have evolved so much in the following years and now crypto is also in their cross hairs. Here are the list of crypto exchanges and wallets,

Thanks for this OP, it's a good enlightenment to new dangers .

However  from the img I noticed that most of their targets in crypto are exchange wallets and this give a little more awareness to why we need to take good care of our cryptos, I could barely see a noncustodial wallet from the list.
Generally, emails are mostly  linked to Exchange wallets due to their KYC verifications and this is still somehow an eye opener for Hot storage users probably  emails, judging from the content hot storage aren't left out .
Above all, emails are a major playmaker in this situations  so we should all avoid giving emails out carelessly
Good job OP

[nakamura12]

Thanks for the information OP. As many people have said that criminals do tend to find new innovative ways to steal crypto from whoever fall for it. It is indeed better to be wary of everything thay we're going to do to avoid falling for these type of scheme. All I can say is that there's nothing safe if we are not careful wherever it is either if it is online or physical the same as cheaters in casino even though it is an online casino or a physical casino.

[Nwada001]

Most of infection is thru email, so the basic security practice should be used here like not clicking any links from unknown sources.

Any email that comes from an unknown sender to me, for which I was never expecting mail from anyone, I automatically discard without a second thought, especially when the email then comes with a link. I block both the sender and also trash the email to save me the stress of clicking on the link mistakenly anytime that I'm looking for something in my mail box. 
 
This period, Gmail and Hotmail have been going so well that they detect most of these scam emails and automatically move them to the scam box, where ordinarily anything there should be regarded as not safe, but most people still visit the scam box to get some mail, putting themselves more in danger. 

[teamsherry]

It would be so funny to fall for such a scam unless you've got itchy hands 🤭, why would I click a link from an unknown source, and I think such emails should appear in spam folders unless there is a way to bypass that, anyone who gets scammed should bear it on himself cause I blame only you, people don't still understand thigns personal to us should be treated like our house, would you open the door for an unknown person if he knocks, if not then why click on links that you can't identify the sender. Its lame how people fall for this tricks.

[TravelMug]

It would be so funny to fall for such a scam unless you've got itchy hands 🤭, why would I click a link from an unknown source, and I think such emails should appear in spam folders unless there is a way to bypass that, anyone who gets scammed should bear it on himself cause I blame only you, people don't still understand thigns personal to us should be treated like our house, would you open the door for an unknown person if he knocks, if not then why click on links that you can't identify the sender. Its lame how people fall for this tricks.

You will never know, it's not about itchy hands, it's about how good the emails will be that even the best of us could be gotten by this criminals now. They are really good at tricking anyone, just image that they were able to used Google services itself and turn it into a weapon and victimized everyone. And they have been many variants, meaning they really trying to perfect everything, go under the radar for years so that they can continue to steal money without us knowing until it's too late. Latin countries have been the target, maybe they lack security and it's very lucrative regions for this groups.

[sunsilk]

These criminals are going nowhere but to anything that they can abuse, they'd be there. So, upgrading from bank accounts and traditional ones, they're targeting the exchanges where there's also a lot of money for them to target from their victims.

Although I am not from that region, it's best to avoid anything unusual if someone receives an unknown email, never entertain them and much better if you're going to delete them as soon as possible.

Those that are not aware of this might fall for it, we're fortunate that we've been aware of it now but it's sad that there will be some that may fall.

[Jating]

And with that, hackers are using this services and include it in their emails. Mostly the originator of this emails comes from or the target is Spanish and other LAT-AM countries,

I also created a thread about hackers or cyber criminals targeting countries in Lat-Am. And it's almost the same, they initially target banks and then move and evolved into crypto currency wallets and others related to it. So it's hitting two birds with one stone, means accomplishing two tasks or objectives with a single action or effort and then stealing a lot of money from those regions. And I don't mean anything bad, but maybe this regions doesn't have a great security that's why they are one of the single and biggest targets of hackers? Or it is that there are a lot of hackers in the Spanish speaking countries and obviously, their main target is their local

The Latin America and Caribbean region suffered 137 billion attempted cyberattacks from January to June of this year, an increase of 50% compared to the same period last year (with 91 billion). Mexico was the most attacked country in the region (with 85 billion), followed by Brazil (with 31.5 billion) and Colombia (with 6.3 billion).

In addition to the extremely high numbers, the data reveals an increase in the use of more sophisticated and targeted strategies, such as ransomware. During the first six months of 2022, approximately 384 thousand ransomware distribution attempts were detected worldwide. Of these, 52 thousand were destined for Latin America.

Mexico was the country with the highest ransomware distribution activity in the period, with more than 18 thousand detections, followed by Colombia (17 thousand) and Costa Rica (14 thousand). Peru, Argentina and Brazil appear below.

https://www.fortinet.com/lat/corporate/about-us/newsroom/press-releases/2022/fortinet-registro-137-mil-millones-de-intentos-de-ciberataques-e

[pinggoki]

It would be so funny to fall for such a scam unless you've got itchy hands 🤭, why would I click a link from an unknown source, and I think such emails should appear in spam folders unless there is a way to bypass that, anyone who gets scammed should bear it on himself cause I blame only you, people don't still understand thigns personal to us should be treated like our house, would you open the door for an unknown person if he knocks, if not then why click on links that you can't identify the sender. Its lame how people fall for this tricks.

Don't underestimate how people do their work when it comes to injecting your computer with a virus, there's a reason why these attacks are called Trojans, they mask themselves as useful programs or legitimate emails that will make some click on it and try out the links that's within that Trojan, sure it's funny but when you're the victim of these attacks, you're going be saying different things about this and the victims of these, you can't really say that to the people that are knowledgeable in these kind of stuff that became a victim of these because the emails and the baits that are sent to people are just that good that they can fool even those that have some skills in detecting fraud and such.

[pawanjain]

It's the first time I am hearing about this. This looks like something new and it's good that OP has shared this news with us.
Although I am very careful when it comes to clicking on emails, it's good to be aware of such attacks as we become more aware if we are victims to such attacks.
I couldn't make out anything what was written in the mail though but I am sure that we should just keep avoiding such mails at first place.