Last week, I posted a diary about suspicious Python modules. One of them was Firebase [1], the cloud service provided by Google[2]. Firebase services abused by attackers is not new, usually, it's used to host malicious files that will be available to download[3]. This is a nice location because who will think that a Google link is malicious?
This article has been indexed from SANS Internet Storm Center, InfoCON: green