Since September 2023, we have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans. Some of the highest volume campaigns recently observed were being used to deliver the Astaroth, Mekotio, and Ousaban banking trojans to victims largely located in Latin American countries. We have also observed lower volume campaign victims located throughout Europe and North America, which may indicate less geographically focused targeting by threat actors moving forward. The current variant of Astaroth targets more than 300 institutions across 15 Latin American countries.
Additionally, we have observed all three malware families being delivered during the same timeframe from the same storage bucket within Google Cloud. In the case of Ousaban, the payload was being delivered as part of the same Astaroth infection previously ..