Since the malware is hosted by a trusted provider, the attacker's infection rate would be very high. Google Sites allows anyone to create simple websites that support collaboration between different publishers. Threat actors abuse the Google File Cabinet template and use it, together with SQL, as an exfiltration medium to send the stolen data to the remote server. Other Google services such as Gmail block malicious uploads, but the Google File Cabinet template does not block any malicious files or prevent them from being uploaded. You can create a place to "store" documents, images, PDFs, presentations or any digital file with the File Cabinet template.
Google Websites Hosted with Malware
Threat actors who use Google's 'Recent Site Activity' option host a malicious file attachment with the name "Reserva Manoel." In this case, researchers identified this file as the Trojan Win32.LoadPCBanker. Attackers using classic Google Sites are using the File Cabinet template to create a website and generate malicious URLs that are shared with targeted victims. The malware is being delivered from the following Google Sites URL: https://sites.google[.]com/site/detailsreservations/Reserva-Manoel_pdf.rar?attredirects=0&d=1.
The filename translates from Portuguese to English as "PDF Reservations Details MANOEL CARVALHO client house details PDF.exe", indicating that the campaign probably targets Brazilian or Portuguese-speaking users. According to Netskope's analysis, the RAR file "Reserva-Manoel_pdf.rar" contains an executable, "PDF Reservations Details MANOEL CARVALHO hospedagem cliente detalhes PDF.exe". The next-stage payloads are Otlook.exe and cliente.dll, and libmySQL50.DL is a MySQL library used to transmit victim information to the server.
[Figure: First stage of the downloader after executing the next-stage payload from a file hosting site]
[Figure: Delivery mechanism of the malware using the Google template]
The malicious URL hosting the LoadPCBanker malware on Google's website drops the first stage, the downloader, after the execution process.
Finally, Netskope said it uses SQL as an exfiltration channel to send victim information to the server. In addition, the next-stage payload collects screenshots, clipboard data and the victim's keystrokes.
[Figure: Attack kill chain of LoadPCBanker]
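The kill chain described above leaves two traces a defender can hunt for: an archive or executable fetched as a direct-download attachment from a classic Google Sites File Cabinet (the `/site/...?...d=1` URL shape seen in the article), and a workstation speaking MySQL straight to an external address once the stolen data is pushed out. The script below is an added example, not code from the article or from Netskope; the proxy and connection log formats, the internal address ranges and the use of MySQL's default TCP port 3306 are assumptions, and every log line is constructed for the demonstration.

```python
"""Detection sketch for the LoadPCBanker delivery and exfiltration pattern.
Added example; the log lines and formats below are constructed, not real."""
import ipaddress
import os
from urllib.parse import parse_qs, urlparse

# Constructed web-proxy log lines: timestamp client method url status.
# The first line mirrors the attachment URL shape from the article.
PROXY_LOG = """\
2019-04-10T12:01:05Z 10.0.0.15 GET https://sites.google.com/site/detailsreservations/Reserva-Manoel_pdf.rar?attredirects=0&d=1 200
2019-04-10T12:02:11Z 10.0.0.22 GET https://sites.google.com/site/teamwiki/agenda.pdf?attredirects=0 200
2019-04-10T12:03:40Z 10.0.0.15 GET https://docs.google.com/document/d/abc/edit 200
2019-04-10T12:04:02Z 10.0.0.31 GET https://sites.google.com/site/hrforms/setup_tool.exe?attredirects=0&d=1 200
"""

# Constructed connection log lines: timestamp src dst dport proto.
CONN_LOG = """\
2019-04-10T12:05:00Z 10.0.0.15 203.0.113.45 3306 tcp
2019-04-10T12:05:30Z 10.0.0.15 142.250.0.1 443 tcp
2019-04-10T12:06:00Z 10.0.0.50 10.0.0.9 3306 tcp
"""

# File types a legitimate "document store" rarely needs to serve (assumption).
RISKY_EXTENSIONS = {".rar", ".zip", ".exe", ".scr", ".dll"}

# Ranges treated as "inside the network" (assumption for this example).
# Explicit networks are used rather than ipaddress.is_private, because that
# flag also covers documentation ranges such as 203.0.113.0/24.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MYSQL_PORT = 3306  # MySQL default port


def suspicious_file_cabinet_downloads(log_text):
    """Return (client, url, direct_download) for downloads of risky file
    types served as classic Google Sites attachments (sites.google.com/site/...)."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of crashing the hunt
        _ts, client, _method, url, _status = parts
        u = urlparse(url)
        if u.hostname != "sites.google.com" or not u.path.startswith("/site/"):
            continue
        ext = os.path.splitext(u.path)[1].lower()
        if ext not in RISKY_EXTENSIONS:
            continue
        # d=1 asks for the raw attachment rather than the File Cabinet page,
        # which is how the article's URL serves the archive directly.
        direct = parse_qs(u.query).get("d") == ["1"]
        hits.append((client, url, direct))
    return hits


def is_internal(ip):
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def external_mysql_connections(log_text):
    """Return (src, dst) pairs where an internal host talks MySQL to an
    external address; user workstations normally have no reason to do this."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        _ts, src, dst, dport, proto = parts
        if (proto == "tcp" and int(dport) == MYSQL_PORT
                and is_internal(src) and not is_internal(dst)):
            hits.append((src, dst))
    return hits


if __name__ == "__main__":
    for client, url, direct in suspicious_file_cabinet_downloads(PROXY_LOG):
        print(f"[download] {client} fetched {url} (direct={direct})")
    for src, dst in external_mysql_connections(CONN_LOG):
        print(f"[possible exfil] {src} -> {dst}:{MYSQL_PORT}")
```

Run against the constructed logs, the first check flags the two hosts that pulled a .rar and an .exe from a File Cabinet attachment while ignoring the PDF, and the second flags only the workstation that opened a MySQL session to an outside address. Correlating the two on the same client address is what turns either weak signal into a credible match for the chain in the article.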