Spy Banker Trojan Being Hosted On Google Cloud

Spy Banker spreading through Brazil via malicious links posted on social networks.

Sara Peters, Senior Editor

December 10, 2015

1 Min Read

The Spy Banker Trojan is spreading through Brazil through the help of Google and Facebook, according to researchers at ZScaler ThreatLabZ.

Attackers host the Spy Banker downloader on Google Cloud servers. The downloader, in turn, installs the payload Spy Banker Trojan Telax.

Victims are infected by drive-by download or led to it via links (shortened with the bit.ly URL shortener) posted on social networking sites -- 99 percent of the unsuspecting victims who clicked the link came through Facebook. The links claim to be for coupons or free software, including security software like Avast! anti-virus.

The Trojan has some stealthy capabilities. To stay out of the hands of security pros, one of the first things it does is check a machine for the presence of a virtual environment. It collects information about the anti-virus software running on the host machine and sends it back to the command-and-control server. It also contains both a 32-bit rookit and 64-bit rookit component.

This is not the first time Google is being used by attackers. In July, researchers discovered a phishing campaign that hosted malicious sites on Google Drive, and lured via phishing messages sent through Gmail. 

About the Author(s)

Sara Peters

Senior Editor

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other topics. She authored the 2009 CSI Computer Crime and Security Survey and founded the CSI Working Group on Web Security Research Law -- a collaborative project that investigated the dichotomy between laws regulating software vulnerability disclosure and those regulating Web vulnerability disclosure.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights