Sorillus RAT and Phishing Attacks Exploit Google Firebase Hosting
Attackers have been observed using the notorious Sorillus remote access trojan (RAT) and phishing attacks to exploit Google Firebase Hosting infrastructure.
The novel threat was observed when eSentire’s Security Operations Center (SOC) detected suspicious code in a manufacturing customer’s network.
The security experts described the new threat in an advisory published on July 13, 2023, where they said attackers have been using Firebase Hosting due to its ability to obscure malicious content.
“In a recent case in June 2023, our [SOC] was alerted to suspicious code written to the registry in an endpoint in a manufacturing customer’s network,” reads the blog post.
“The investigation identified Sorillus RAT and a phishing page being delivered using HTML smuggled files and links using Google’s Firebase Hosting service.”
In particular, attackers capitalized on Firebase’s legitimacy to deliver the Sorillus RAT, a Java-based commercial malware that facilitates remote access and data theft.
The attack started with victims opening a phishing email that enticed them to open a seemingly innocuous tax-themed file. The attachment concealed a Java payload that executed the Sorillus RAT on the victim’s system.
Additionally, the investigation uncovered an intricately obfuscated phishing kit that heavily relied on Google Firebase Hosting. This phishing campaign utilized multiple cloud services, including Cloudflare, to craft a convincing Microsoft 365 login page.
As mentioned above, the attackers leveraged the credibility of these cloud platforms to bypass security filters and automated scanners, making detection challenging.
eSentire’s Threat Response Unit (TRU) provided insights and recommendations for defending against such attacks.
They emphasized the importance of keeping antivirus signatures up-to-date and adopting Next-Gen antivirus or endpoint detection and response (EDR) tools. Furthermore, they suggested removing Java from systems where unnecessary and configuring systems to open potentially dangerous files with caution.
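The HTML-smuggled delivery described above and TRU’s advice to treat potentially dangerous files with caution can be turned into a concrete triage check at the mail gateway or in the SOC. The following is an added example, not eSentire’s or the article’s code: a heuristic scanner that scores an HTML attachment on the building blocks smuggling pages typically combine (a large inline base64 blob, client-side decoding, Blob construction, an object URL, a forced download with a risky extension). The indicator list, weights, alert threshold and the two sample documents are constructed for illustration and are not a published signature.

```python
"""Heuristic scanner for HTML-smuggling indicators in e-mail attachments.

Added example, not eSentire's or the article's code. Indicator names,
weights, the threshold and the samples below are assumptions chosen
for illustration.
"""
import re
from dataclasses import dataclass, field

# Each indicator: (name, compiled regex, weight). Weights are assumed values.
INDICATORS = [
    # A run of 400+ base64 characters usually means an embedded file.
    ("inline_base64_blob", re.compile(r"[A-Za-z0-9+/]{400,}={0,2}"), 2),
    # Decoding the blob in the browser rather than fetching it from a server.
    ("client_side_decode", re.compile(r"\batob\s*\(|Uint8Array\s*\(", re.I), 1),
    # Turning decoded bytes into a downloadable object.
    ("blob_construction", re.compile(r"new\s+Blob\s*\(", re.I), 2),
    ("object_url", re.compile(r"URL\.createObjectURL\s*\(", re.I), 2),
    # Programmatic download attribute on an anchor.
    ("forced_download", re.compile(r"\.download\s*=|download\s*=\s*[\"']", re.I), 1),
    # File types that execute or unpack to something that executes.
    ("dangerous_extension", re.compile(r"\.(jar|js|hta|iso|lnk|zip)\b", re.I), 2),
]

ALERT_THRESHOLD = 6  # assumed tuning value; raise it to reduce false positives


@dataclass
class ScanResult:
    score: int
    hits: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.score >= ALERT_THRESHOLD


def scan_html(content: str) -> ScanResult:
    """Score an HTML document; each matched indicator adds its weight."""
    result = ScanResult(score=0)
    for name, pattern, weight in INDICATORS:
        if pattern.search(content):
            result.hits.append(name)
            result.score += weight
    return result


# Constructed benign sample: ordinary newsletter with a harmless script.
SAMPLE_BENIGN = """<html><body><h1>Quarterly newsletter</h1>
<p>Download the PDF from our portal.</p>
<script>document.querySelector('h1').style.color='navy';</script>
</body></html>"""

# Constructed sample that mimics the smuggling pattern. The "payload" is
# filler characters, not a real file, and nothing here auto-executes.
SAMPLE_SMUGGLING = """<html><body><script>
var data = "%s";
var bytes = Uint8Array.from(atob(data), function(c){return c.charCodeAt(0);});
var blob = new Blob([bytes], {type: 'application/octet-stream'});
var a = document.createElement('a');
a.href = URL.createObjectURL(blob);
a.download = 'tax_statement.jar';
</script></body></html>""" % ("Q" * 480)


if __name__ == "__main__":
    for label, doc in (("benign", SAMPLE_BENIGN), ("smuggling", SAMPLE_SMUGGLING)):
        r = scan_html(doc)
        print(f"{label}: score={r.score} suspicious={r.suspicious} hits={r.hits}")
```

The scanner deliberately scores combinations rather than any single token, because `atob` or `Blob` alone appear in plenty of legitimate pages; a hit on the blob, object-URL and dangerous-extension indicators together is what a triage analyst would want surfaced, alongside the registry-write and Java-execution telemetry the SOC relied on in this case.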
The eSentire blog post comes a few months after ESET shared findings related to a new mobile RAT based on AhMyth infecting Android devices.