Hackers Exploiting Malware In Google Docs

A particularly insidious form of malware known as an infostealer is a program designed to quietly infect a system and run discreetly in the background, secretly harvesting sensitive data such as passwords or chat logs and sending it back to the attackers. Once it has infected a system, it gathers login credentials, credit card details, chat logs, browsing history and more.

Hackers are now pairing infostealers with trusted platforms like Google Docs to steal sensitive data from users, according to a new report by AhnLab's Security Intelligence Center (ASEC).

Infostealers are commonly sold under a “malware-as-a-service” model, which is making it more difficult for security systems to detect threats, and they are increasingly being used to target both individuals and organisations worldwide. These criminal programs are usually delivered through phishing attacks, compromised websites, malicious attachments, or by masquerading as pirated software.

One of the most well-known infostealers is LummaC2, which has been active since 2022. It targets browsers, stealing critical information like passwords, cookies and autofill data. But a newer infostealer, ACRStealer, has recently been discovered by ASEC.

ASEC monitors infostealer malware that is distributed disguised as illegal programs such as cracks and keygens, and publishes related trends and changes through the AhnLab TIP and ASEC Blog posts. While the majority of the malware distributed in this manner has been the LummaC2 infostealer, the ACRStealer infostealer has seen an increase in distribution.

This infostealer is increasingly used by cyber criminals, specialising in stealing system data, credentials, cryptocurrency wallet details and configuration files from a range of different programs.

What sets ACRStealer apart is its use of trusted platforms to communicate with its command-and-control (C2) servers. Rather than embedding the C2 address directly in the malware, attackers use platforms like Google Docs, Steam, and Telegra.ph as intermediaries.

By encoding the C2 address in Base64 and storing it on these trusted sites, attackers can avoid detection and make the malware harder to track: the implant's first connection goes to a legitimate, widely used domain rather than to an obviously suspicious one. This method, known as Dead Drop Resolver (DDR), allows the malware to function with minimal risk of being detected by security software.

The range of data ACRStealer is capable of stealing is extensive. It includes not only browser data, but also text files, FTP credentials, remote access program details and VPN information.
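A defender-side check for the Dead Drop Resolver pattern just described, added here as an example (it is not code from the ASEC report or from the malware): it scans the text of a public page an analyst has already retrieved for Base64 tokens that decode to a URL or an IPv4 address with optional port, which is the shape of what a DDR page hands to an implant. The page body, hostname and IP address in the sample are constructed placeholders, not real indicators.

```python
import base64
import binascii
import ipaddress
import re
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# A Base64 run long enough to hold a host (16+ chars), with optional padding,
# not glued to other Base64 characters on either side.
B64_TOKEN = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{16,}={0,2}(?![A-Za-z0-9+/=])")
IP_PORT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?$")


def decode_b64(token: str) -> Optional[str]:
    """Decode a Base64 token to printable ASCII text; None if it is binary or invalid."""
    padded = token + "=" * (-len(token) % 4)  # tolerate stripped padding
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii").strip()
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text and text.isprintable() else None


def looks_like_c2(decoded: str) -> bool:
    """True for an http(s) URL with a host, or a valid IPv4 address with an optional port."""
    m = IP_PORT.match(decoded)
    if m:
        try:
            ipaddress.IPv4Address(m.group(1))
        except ValueError:
            return False
        return m.group(2) is None or 0 < int(m.group(2)) < 65536
    parsed = urlparse(decoded)
    return parsed.scheme in ("http", "https") and bool(parsed.hostname)


def find_dead_drop_candidates(page_text: str) -> List[Tuple[str, str]]:
    """Return (token, decoded) pairs for Base64 tokens that decode to a C2-like address."""
    hits = []
    for token in B64_TOKEN.findall(page_text):
        decoded = decode_b64(token)
        if decoded and looks_like_c2(decoded):
            hits.append((token, decoded))
    return hits


# Constructed sample page: filler text, a benign binary Base64 blob (should be
# ignored) and two DDR-style entries using placeholder addresses.
SAMPLE_PAGE = "\n".join([
    "Quarterly notes",
    base64.b64encode(b"\x00\x01binary-attachment-data").decode(),
    base64.b64encode(b"https://c2.example.invalid/gate").decode(),
    base64.b64encode(b"198.51.100.23:8443").decode(),
])

if __name__ == "__main__":
    for token, decoded in find_dead_drop_candidates(SAMPLE_PAGE):
        print(f"{token} -> {decoded}")
```

Legitimate documents also carry Base64 (embedded images, tokens), so a hit is a triage lead to correlate with endpoint telemetry, not a verdict on its own.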

The malware even targets password managers and chat logs, making it a potent tool for cyber criminals seeking to gather sensitive information.

The use of trusted platforms as intermediaries for malware only underscores the growing complexity of modern cyber attacks. As cyber criminals continue to evolve their tactics, both individuals and organisations must stay proactive in their cyber security efforts.

Sources: AhnLab | I-HIS | Tom's Guide | Yahoo | Cyber News | Security Magazine

Image: Unsplash
