Malware in Email Threads: Info Stealers being delivered using Cloud Sharing Services
The abuse of cloud sharing services such as Google Drive and Google Docs was last seen in March 2023, when threat actors targeted Latin American countries with payment-related emails that delivered malware such as REMCOSRAT. This time, we observed a spam email that initiated a discussion about hotel reservations.
As seen in the email, a booking request is used to start an email thread. When the victim replies, the malicious actor claims that a family member has a medical concern that requires a special request from the hotel, and urges the victim to open a Google Drive link, supplying the password needed to decompress the downloaded archive.
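A mail-triage heuristic for the pattern described above: a message that is part of an existing thread, links to Google Drive or Google Docs, and hands over a password in the body. This is an added example, not code from the original article; the function names, the password wording matched by the regex, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Hosts of the two services named in the article; extend as needed.
SHARING_HOSTS = {"drive.google.com", "docs.google.com"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
# Assumed wording for handing over an archive password ("password: x", "pwd is x").
PASSWORD_RE = re.compile(r"\b(?:password|passcode|pwd)\s*(?:is\b|:|=)\s*\S+", re.I)

def body_text(msg):
    """Concatenate the decoded text/* parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            try:
                chunks.append(raw.decode(charset, "replace"))
            except LookupError:  # unknown charset label in the header
                chunks.append(raw.decode("utf-8", "replace"))
    return "\n".join(chunks)

def host(url):
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:  # malformed bracketed host
        return ""

def triage(raw_message):
    """Flag a threaded reply that pairs a cloud-sharing link with a password."""
    msg = message_from_string(raw_message)
    text = body_text(msg)
    result = {
        "in_thread": bool(msg.get("In-Reply-To") or msg.get("References")),
        # Exact host match, so lookalike domains are not counted as the real service.
        "sharing_links": [u for u in URL_RE.findall(text) if host(u) in SHARING_HOSTS],
        "password_hint": bool(PASSWORD_RE.search(text)),
    }
    result["suspicious"] = all(result.values())  # all three signals present
    return result

# Constructed sample message (not taken from the campaign).
SAMPLE = """\
Subject: Re: Booking request
In-Reply-To: <constructed-1@hotel.example>

Details for the special request: https://drive.google.com/file/d/CONSTRUCTED_ID/view
Password: 12345
"""
```

Each signal is common in legitimate mail on its own; the combination is what makes the message worth routing to an analyst or holding the linked archive for sandboxing.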