New Phishing Attack Via Google Storage Deploys Remcos

A new phishing campaign is actively deploying the Remcos remote access trojan (RAT) by leveraging Google Storage infrastructure. This approach allows threat actors to utilize trusted cloud services for malicious payloads, posing a significant detection challenge. Consequently, security teams must monitor outbound connections to googleapis.com URLs that fall outside normal business workflows, as these could signal an active compromise.

Enforcing script execution policies, enabling behavioral endpoint detection, and scanning all email links regardless of the destination domain are practical steps that significantly reduce exposure.

Users should be trained to avoid clicking links in unexpected emails, even when those links appear to lead to trusted platforms like Google Drive, and should confirm the sender’s identity through a separate channel before opening any shared file.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.