Just in:
Citadel Securities backs Crypto.com with $400 million // A SIM Guide to Comparing Graduate Salaries and Employability in Singapore // EU prosecutors examine subsidies linked to Babiš // Dubai weighs turning organic waste into aviation fuel // DITP Launches THAI SELECT Festival 2026 in New York to Strengthen U.S. Market Opportunities for Thailand’s Food Industry // Rival cyber spies penetrate Pakistan police networks // Rhenus to Further Strengthen Warehousing Solutions in the Philippines // Guardian Fire expands Midwest reach with Nebraska deal // Dubai-Botswana pact opens new commodity trade corridor // Revolut clears first hurdle for Dubai crypto launch // CyCraft Named a Sample Provider in the Gartner® Latest AI Reasoning Models Report—The Only Taiwan-Based Cybersecurity Provider Listed // De Beers halts Venetia output amid diamond slump // Iran widens energy threat as Hormuz battle escalates // AI tools sharpen cybercrime as quishing surges // Dealing.com claims record for tokenised stock access // “Achievements of National Aerospace Endeavours” Thematic Exhibition Makes First Stop at Hong Kong Science Park // Xsolla and Management and Science University (MSU) Sign Memorandum of Understanding (MOU) to Connect Future Game Developers With Global Commercial Opportunities // US missiles disable tanker bound for Iran // Launch ceremony of third edition of Hong Kong Fashion Fest Held on July 9 // Alessio Vinassa: ‘Generative AI Is the Most Important Creative Tool Since the Camera — and the Most Misunderstood’ //

New Malware Campaign Uses Google Sheets to Exfiltrate Data

An advanced malware campaign, identified by cybersecurity researchers at Proofpoint in August 2024, has raised alarms across various sectors worldwide. The malware, dubbed “Voldemort,” is believed to be part of a suspected cyber espionage operation, targeting organizations in sectors such as aerospace, insurance, and education. What makes Voldemort particularly concerning is its novel method of exfiltrating data—through the use of Google Sheets as a command and control (C2) server.

The campaign was first detected in early August, with attackers disseminating over 20,000 phishing emails to targeted organizations. These emails, impersonating tax authorities from the victims’ respective countries, contained links leading to malicious websites. Once the link was clicked, users were redirected to a series of deceptive web pages, eventually leading to the download of the Voldemort malware.

Voldemort is a sophisticated backdoor, written in C, that offers a range of functionalities including file management, command execution, and data exfiltration. One of the most distinctive features of Voldemort is its ability to use Google Sheets not just for command and control but also for storing stolen data. By exploiting Google’s API with embedded client credentials, the malware communicates with Google Sheets, where it writes exfiltrated data into specific cells.

ADVERTISEMENT

This method of using a legitimate cloud service as a C2 server is not just innovative but also highly effective in evading detection by traditional security tools. Since Google Sheets is a trusted platform, communication between the infected system and the Sheets API often goes unnoticed by network security measures. This reduces the likelihood of the malware being flagged by security systems, allowing the attackers to maintain persistence within the compromised networks.

The campaign has not been attributed to any known threat actor, but the scale and sophistication suggest that it could be the work of an advanced persistent threat (APT) group. The malware’s ability to impersonate tax authorities in phishing emails highlights the attackers’ use of social engineering to increase the likelihood of successful intrusions.

As this campaign continues to evolve, cybersecurity experts are urging organizations to heighten their vigilance, particularly by enhancing their phishing defenses and monitoring unusual traffic to cloud services like Google Sheets. The use of such a widely trusted platform for malicious activities underscores the need for continuous adaptation in cybersecurity strategies.



Notice an issue?

Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.


ADVERTISEMENT
Social Media Auto Publish Powered By : XYZScripts.com
Just in:
Central & Western District Youth-to-Career Explo Connects Hong Kong Youth to Future Careers in AI Era // TrendAI™ Named a Champion for the Fourth Consecutive Year in Omdia’s Global Cybersecurity Platform Ecosystems Leadership Matrix 2026 // “Achievements of National Aerospace Endeavours” Thematic Exhibition Makes First Stop at Hong Kong Science Park // Louis Vuitton Celebrates 130 Years of the Monogram // Fynd brings AI fashion platform to Gulf // Iran widens energy threat as Hormuz battle escalates // BlackRock Bitcoin fund assets approach $48 billion // A SIM Guide to Comparing Graduate Salaries and Employability in Singapore // Enshi Suobuya Stone Forest in China Launches Rich Cultural Experiences to Welcome Southeast Asian Tourists // Alessio Vinassa: ‘Generative AI Is the Most Important Creative Tool Since the Camera — and the Most Misunderstood’ // Trump scraps Hormuz levy but tightens Iran blockade // Launch ceremony of third edition of Hong Kong Fashion Fest Held on July 9 // Rival cyber spies penetrate Pakistan police networks // Dealing.com claims record for tokenised stock access // UK sets overnight social media curfew for teens // CyCraft Named a Sample Provider in the Gartner® Latest AI Reasoning Models Report—The Only Taiwan-Based Cybersecurity Provider Listed // Rhenus to Further Strengthen Warehousing Solutions in the Philippines // Citadel Securities backs Crypto.com with $400 million // Wildfire smoke triggers alerts across 20 US states // Dubai-Botswana pact opens new commodity trade corridor //