One of the most successful cybercriminal gangs ever- Carbanak- is back with a bang, and now they’ve figured out how to abuse services run by Google to help them steal even more money.
The criminal organization is named Carbanak cybergang because of the name of the malware they used to compromise computers at banks and other financial institutions, experts estimated that the hackers swiped over $1 Billion from their victims.
Forcepoint Security Labs researchers said that while investigating an active exploit sent in phishing messages as an RTF attachment, they discovered that the Carbanak group has been hiding in plain site by using Google services for command and control.
“The Carbanak actors continue to look for stealth techniques to evade detection,” Forcepoint’s senior security researcher Nicholas Griffin said in a blog post. “Using Google as an independent C&C channel is likely to be more successful than using newly created domains or domains with no reputation.”
The investigators discovered that the “Carbanak cybergang” hit more than 100 financial institutions in 30 countries, it has been active at least since 2013 and there are strong indications that it may still be ongoing.