News on Medial

Google Cloud Run is being targeted in a major new malware campaign — and the threats are on the rise

Techradar · 9m

Hackers are increasingly utilizing Google Cloud Run to deploy their malware and scam campaigns, effectively bypassing security solutions. Google Cloud Run is a service that allows developers to build and deploy websites and web services on a managed platform. Since September 2023, security experts have observed an increase in malicious emails using Google Cloud Run to distribute banking trojans like Astaroth, Mekotio, and Ousaban. Most victims are located in Latin American countries, with Brazil being a prominent source of these emails. Multiple threat actors may be collaborating on a single Google Cloud Run instance, delivering multiple malware families simultaneously. Astaroth is especially dangerous, targeting over 300 institutions across 15 Latin American countries.