Hackers Hosting Malware On Google Sites To Store And Share Data With Remote Servers Cybers Guards

Google Sites allows anyone to create simple websites that support collaboration between different editors. With the file cabinet template, you can create a place to "store" documents, images, PDFs, presentations or any other digital file. Threat actors abuse the Google file cabinet template, using it as an exfiltration medium and SQL to send the stolen data to the remote server. Other Google services such as Gmail block malicious uploads, but the Google file cabinet template does not block malicious files or prevent them from being uploaded. Since the malware is served by a trusted vendor, the attack's infection rate would be very high.

Google Sites hosted with malware

The Google site used by the threat actors lists, under the "Recent Site activity" option, a malicious file attachment named "Reserva Manoel." Attackers using classic Google Sites use the template to create a website, upload the malware, and generate malicious URLs that are shared with targeted victims.

In this case, researchers detected this banking trojan as Win32.LoadPCBanker.Gen, and the malware was being delivered from the following Google Sites URL: https://sites.google[.]com/site/detailsreservations/Reserva-Manoel_pdf.rar?attredirects=0&d=1

Delivery mechanism of the malware using Google Sites

The malicious URL hosting the LoadPCBanker malware on Google Sites drops the first-stage parent downloader once it is executed. According to Netskope's analysis, the RAR archive "Reserva-Manoel_pdf.rar" contains an executable, "PDF Reservations Details MANOEL CARVALHO hospedagem intimate detalhes PDF.exe". The filename translates from Portuguese to English as "PDF Reservations Details MANOEL CARVALHO node house details PDF.exe", indicating that the campaign is probably targeting Brazilian or Portuguese-speaking users. The first-stage downloader later drops the next-stage payloads from a file hosting website. The next-stage payloads are Otlook.exe and cliente.dll, and libmySQL50.DL is a MySQL library used to send victim data to the server.

In addition, the next-stage payloads capture screenshots, clipboard data and the victim's keystrokes. Finally, Netskope said, the malware uses SQL as an exfiltration channel to send victim data to the server.

Attack Kill Chain of LoadPCBanker
