Security News

Google Chrome extension used to steal cryptocurrency, passwords
2022-11-21 18:24

An information-stealing Google Chrome browser extension named 'VenomSoftX' is being deployed by Windows malware to steal cryptocurrency and clipboard contents as users browse the web. This Chrome extension is being installed by the ViperSoftX Windows malware, which acts as a JavaScript-based RAT and cryptocurrency hijacker.

Google releases 165 YARA rules to detect Cobalt Strike attacks
2022-11-21 16:32

The Google Cloud Threat Intelligence team has open-sourced YARA Rules and a VirusTotal Collection of indicators of compromise to help defenders detect Cobalt Strike components in their networks. "We are releasing to the community a set of open-source YARA Rules and their integration as a VirusTotal Collection to help the community flag and identify Cobalt Strike's components and its respective versions," said Google Cloud Threat Intelligence security engineer Greg Sinclair.

Google seeks to make Cobalt Strike useless to attackers
2022-11-21 11:54

Google Cloud's intelligence research and applications team has created and released a collection of 165 YARA rules to help defenders flag Cobalt Strike components deployed by attackers. Cobalt Strike, a legitimate adversary simulation tool used by pentesters and cyber red teams, has also become threat actors' preferred post-exploitation tool.

Google Wins Lawsuit Against Russians Linked to Blockchain-based Glupteba Botnet
2022-11-21 10:02

Google has won a lawsuit filed against two Russian nationals in connection with the operation of a botnet called Glupteba, the company said last week. The defendants' move to press sanctions against Google was denied.

Google Identifies 34 Cracked Versions of Popular Cobalt Strike Hacking Toolkit in the Wild
2022-11-21 05:42

Google Cloud last week disclosed that it identified 34 different hacked release versions of the Cobalt Strike tool in the wild, the earliest of which shipped in November 2012. The versions, spanning 1.44 to 4.7, add up to a total of 275 unique JAR files, according to findings from the Google Cloud Threat Intelligence team.

Google looking outside the usual channels to fix security skills gap
2022-11-20 09:01

Because of this, "not every organization is hyper-focused on the subject of diversity and inclusion," MK Palmore, a director in Google Cloud's Office of the Chief Information Security Officer, told The Register. The infosec community - still mostly male and mostly white - needs diversity to produce better outcomes, Palmore said.

Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware
2022-11-19 07:24

A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. "Observed DEV-0569 attacks show a pattern of continuous innovation, with regular incorporation of new discovery techniques, defense evasion, and various post-compromise payloads, alongside increasing ransomware facilitation," the Microsoft Security Threat Intelligence team said in an analysis.

Chinese hackers use Google Drive to drop malware on govt networks
2022-11-18 15:24

State-backed Chinese hackers launched a spearphishing campaign to deliver custom malware stored in Google Drive to government, research, and academic organizations worldwide. The Chinese hackers used Google accounts to send their targets email messages with lures that tricked them into downloading custom malware from Google Drive links.

Google Search results poisoned with torrent sites via Data Studio
2022-11-18 14:03

Threat actors are abusing Google's Looker Studio to boost search engine rankings for their illicit websites that promote spam, torrents, and pirated content. BleepingComputer has come across several pages of Google search results flooded with datastudio.

Google wins lawsuit against alleged Russian botnet herders
2022-11-17 15:00

Google sued Dmitry Starovikov and Alexander Filippov - along with 15 other John and Jane Does - in December 2021, saying in the original complaint [PDF] that the botnet "is distinguished from conventional botnets in its technical sophistication: unlike other botnets, the Glupteba botnet leverages blockchain technology to protect itself from disruption." Judge Cote said in her opinion and order [PDF] that the Defendants had "attempted to negotiate a discovery plan in bad faith, requesting an exchange of electronic devices" - although they knew they could not provide the devices they said they had. According to the judge, the defendants and their lawyer told Google that pertinent discovery information was held by their former employer Valtron LLC, a limited liability company based in Moscow.