Targeted Attacks Abusing Google Cloud Platform

Google Cloud Platform (GCP) services have been targeted by a newly discovered malware campaign delivering malware via PDF file decoys, according to Netskope Threat Research Labs. Attackers are reportedly using the Google Cloud App Engine platform to deliver malware with PDF decoys, identified as PDF_Phish.Gen, and GCP URLs that redirect victims to malicious payloads. *UPDATE* A Google spokesperson wrote to Infosecurity, “As of January 18, 2019, the issue described in this report has been fixed. Protecting our customers from phishing attacks is a top priority for Google. We proactively warn users whenever they are being redirected to a URL outside of a Google domain. Additionally, if a user attempts to proceed to an untrusted site, we warn them of known malicious URLs through Google Safe Browsing filters.”