Hackers Exploiting Malware In Google Docs

An infostealer is a particularly insidious form of malware: it quietly infects a system, runs discreetly in the background and secretly harvests sensitive data such as login credentials, credit card details, chat logs and browsing history, then sends it back to the attackers.

Hackers are now using infostealers that abuse widely trusted platforms like Google Docs to steal sensitive data from users, according to a new report by AhnLab's Security Intelligence Center (ASEC).

The campaign operates on a “malware-as-a-service” model, which makes it harder for security systems to detect the threat and is increasingly being used against both individuals and organisations worldwide. These criminal programs are usually delivered through phishing attacks, compromised websites, malicious attachments, or by masquerading as pirated software.

One of the best-known infostealers is LummaC2, which has been active since 2022. It targets browsers, stealing critical information such as passwords, cookies and autofill data. But a newer infostealer, ACRStealer, has recently been identified by ASEC.

ASEC monitors infostealer malware distributed in the guise of illegal programs such as cracks and keygens, and publishes related trends and changes through the AhnLab TIP and ASEC Blog posts. While most of the malware distributed this way has been the LummaC2 infostealer, distribution of the ACRStealer infostealer has been increasing.

Infostealers are increasingly used by cyber criminals, specialising in stealing system data, credentials, cryptocurrency wallet details and configuration files from a range of different programs.

What sets ACRStealer apart is its use of trusted platforms to communicate with its command-and-control (C2) servers. Rather than embedding the C2 address directly in the malware, attackers use platforms like Google Docs, Steam, and Telegra.ph as intermediaries.

By Base64-encoding the C2 address and storing it on these trusted sites, attackers make the malware harder to track: requests to Google Docs or Steam look like ordinary traffic, and the real C2 address can be changed without touching the malware itself. This technique, known as Dead Drop Resolver (DDR), lets the malware operate with minimal risk of being flagged by security software. The range of data ACRStealer can steal is extensive: not only browser data, but also text files, FTP credentials, remote access program details and VPN information.
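A DDR scheme invites a defender-side check: pull the content the malware is known to fetch from the dead-drop site and look for Base64 runs that decode to a host or URL, which are the indicators to block. The Python below is an added example, not code from the ASEC report or this article; the sample document and the endpoint it contains are constructed placeholders.

```python
import base64
import binascii
import re

# Base64 runs long enough to carry a hostname or URL (constructed threshold: 16+ chars).
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# Shape a decoded dead-drop payload is expected to have: host[:port][/path] or a URL.
HOST_OR_URL = re.compile(
    r"^(?:https?://)?(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}(?::\d{1,5})?(?:/\S*)?$"
)


def decode_if_endpoint(token):
    """Return the decoded text if `token` is valid Base64 for a host/URL, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        # Not Base64 at all, or binary that is not a network endpoint.
        return None
    return text if HOST_OR_URL.match(text) else None


def find_dead_drop_candidates(text):
    """Scan text fetched from a dead-drop page for Base64 blobs that decode to endpoints."""
    hits = []
    for match in B64_TOKEN.finditer(text):
        decoded = decode_if_endpoint(match.group(0))
        if decoded:
            hits.append({"token": match.group(0), "decoded": decoded})
    return hits


# Constructed sample of what a scraped dead-drop document might contain.
# PLACEHOLDER_C2 is a made-up endpoint under a reserved TLD, not a real indicator.
PLACEHOLDER_C2 = "https://dead-drop-c2.example/gate"
SAMPLE_DOC = (
    "Meeting notes for the quarterly responsibilities review.\n"
    + base64.b64encode(PLACEHOLDER_C2.encode()).decode() + "\n"
    + base64.b64encode(bytes(range(24))).decode() + "\n"  # binary blob, must be ignored
    + "Contact: admin@dead-drop-c2.example\n"
)

if __name__ == "__main__":
    for hit in find_dead_drop_candidates(SAMPLE_DOC):
        print(f"{hit['token']} -> {hit['decoded']}")
```

Ordinary words that happen to fit the Base64 alphabet (such as "responsibilities") decode to junk and are dropped by the endpoint check, so the output contains only the real candidates.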

The malware even targets password managers and chat logs, making it a potent tool for cyber criminals seeking to gather sensitive information.

The abuse of trusted platforms as part of the malware's infrastructure only underscores the growing complexity of modern cyber attacks. As cyber criminals continue to evolve their tactics, both individuals and organisations must stay proactive in their cyber security efforts.

Ahnlab | I-HIS | Tom's Guide | Yahoo | Cyber News | Security Magazine
