Phishing campaign targets finance employees with RATs downloaded from Google Cloud Storage

A recently discovered phishing campaign has been targeting financial sector employees in the U.S. and UK with remote access trojan payloads stored on a Google Cloud Storage domain.In a company blog post today, researchers from Menlo Security’s Menlo Labs division report that the campaign seeks to infect PCs and other endpoints by tricking victims into clicking on malicious links that lead to .zip or .gz archive files hosted on hosted on storage.googleapis.com. “Bad actors may host their payloads using this widely trusted domain as a way to bypass security controls put in place by organizations or built into commercially security products,” the blog post explains. “It’s an example of the increased use of ‘reputation-jacking’ – hiding behind well-known, popular hosting services to help avoid detection.”