Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns

• Google Cloud Run is currently being abused in high-volume malware distribution campaigns, spreading several banking trojans such as Astaroth (aka Guildma), Mekotio and Ousaban to targets across Latin America and Europe.
• The volume of emails associated with these campaigns has significantly increased since September 2023 and we continue to regularly

abusing america astaroth banking banking trojan banking trojans campaigns cloud continue distribution emails europe google google cloud guildma high latam latin america malware malware distribution malware research run securex september threat spotlight trojans