Best Top Reviews Online

Malware Using Google Drive As Its Command And Control Server Was Discovered

Since the majority of security tools also monitor network traffic to detect malicious IP addresses, attackers increasingly utilize the infrastructure of legitimate services to conceal their malicious activities.

Researchers have discovered a new malware attack campaign associated with the infamous DarkHydrus APT group, which uses Google Drive as its command-and-control (C2) server.

DarkHydrus was discovered for the first time in August of last year when an advanced persistent threat (APT) group was using the open-source Phishery tool to conduct a credential-harvesting campaign against government entities and educational institutions in the Middle East.

According to reports published by the 360 Threat Intelligence Center (360TIC) and Palo Alto Networks, the latest malicious campaign carried out by the DarkHydrus APT group was also observed against targets in the Middle East.

This time, the advanced threat attackers are employing a new variant of their RogueRobin backdoor Trojan, which infects victims’ computers by tricking them into opening a Microsoft Excel document with embedded VBA macros, as opposed to exploiting a zero-day Windows vulnerability.

Enabling the macro drops a malicious text (.txt) file in the temporary directory and then uses the legitimate’regsvr32.exe’ application to execute it, ultimately installing the RogueRobin backdoor written in the C# programming language on the compromised system.

According to researchers from Palo Alto, RogueRobin includes several stealth functions to determine if it is running in a sandbox environment, such as checking for virtualized environments, low memory, processor counts, and common analysis tools. It contains anti-debug code as well.

The new variant of RogueRobin communicates with its command-and-control server using DNS tunneling, a technique for sending or retrieving data and commands through DNS query packets.

However, researchers discovered that in addition to DNS tunneling, the malware was also designed to use Google Drive APIs as an alternative channel for sending and receiving data and commands from hackers.
“RogueRobin uploads a file to the actor’s Google Drive account and continuously checks the file’s modification time to determine whether the actor has modified it. The actor will modify the file to include a unique identifier for future communications by the Trojan “According to Palo Alto researchers,
The new malware campaign suggests that APT hacking groups are utilizing more legitimate services for their command-and-control infrastructure to avoid detection.

It should be noted that since VBA macros are a legitimate feature, the majority of antivirus programs do not issue a warning or block Microsoft Office documents containing VBA code.

The best way to protect yourself from such malware attacks is to always be suspicious of any uninvited email attachments and to never click on links within these attachments without first verifying their source.

Why Trust Us?

Best Top Reviews Online was established in 2018 to provide our readers with detailed, truthful, and impartial advice on what to buy. We now have millions of monthly users from all over the world and annually evaluate over a thousand products.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus
The Rise of the Rookie Hacker – A New Trend to Reckon With

December 21, 2022

More zero-knowledge attacks, compromised credentials, and cybercrimes committed by Generation Z – trends and forecasts for 2022 and 2023. Cybercrime continues to pose a significant threat to individuals, businesses, and governments worldwide. Cybercriminals continue to exploit the pervasiveness of digital…

Many Businesses Have Not Yet Patched The Citrix Flaw

February 8, 2020

One in five businesses has not yet patched this critical vulnerability. Even though Positive Technologies disclosed a critical vulnerability in Citrix software that put 80,000 businesses in 158 countries at risk, one in five businesses have yet to patch the…

Get more info



Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to As an Amazon Associate I earn from qualifying purchases.


Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of