
GhostToken for GCP (Google Cloud Platform)

Recently, a new type of cyber-attack was discovered that takes advantage of Google Cloud Platform (GCP) application infrastructure to create an invisible and unremovable Trojan app on Google accounts. Known as GhostToken, it is a unique form of attack that is difficult to detect and remove.

GhostToken works by taking advantage of the trust relationship between the Google account and GCP, allowing attackers to gain access to the application infrastructure and create the Trojan app without being detected. The Trojan app is designed to run in the background and collect data from the user’s account, including personal information and login credentials.

This attack is particularly dangerous because the Trojan app is invisible and unremovable, which makes it difficult to detect and mitigate. It is also difficult to trace the attack back to its source, as it is designed to be stealthy and evade detection.

To protect against GhostToken, it is important to ensure that GCP application infrastructure is properly secured and monitored. It is also important to use multi-factor authentication and strong passwords to protect Google accounts. Additionally, organizations should regularly monitor their Google accounts for suspicious activity and unauthorized access.

As the use of cloud-based applications and infrastructure continues to grow, it is critical that organizations take the necessary steps to protect against emerging threats like GhostToken. This includes investing in security measures that are designed to prevent, detect, and respond to these types of attacks. By taking a proactive approach to security, organizations can help prevent cyber-attacks and protect their sensitive data and information.

The research can be found here: https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/