Connect with us


Sophos Uncovers Top 7 Ways Cyberscammers, Malware Operators Abuse Google Forms



Sophos, a global leader in next-generation cybersecurity, has published research, “Phishing and Malware Actors Abuse Google Forms for Credentials, Data Exfiltration,” describing howcyberattackers – from entry-level scammers to advanced adversaries – abuse Google Forms to implement a wide range of attacks, targeting both organizations and individuals. 

“The extent to which cyberattackers abuse Google Forms came to light while we were researching how malware abuses encryption to conceal its activities and communications,” said Sean Gallagher, senior threat researcher at Sophos. “Google Forms offer cyberattackers an attractive proposition: the forms are easy to implement and trusted by both organizations and consumers; the traffic to and from the service is secured with Transport Layer Security (TLS) encryption so it can’t be easily inspected by defenders; and the whole set up essentially provides a free attack infrastructure.

 “Our analysis shows that while most abuse of Google Forms by cyberattackers remains firmly in the low-skill phishing and fraud spam space, there are increasing signs that adversaries are taking advantage of the platform for more sophisticated attacks. Sophos’ examples of this include attackers using Google Forms to exfiltrate data and for malware command-and-control.”

Below are the seven ways that Sophos researchers have identified cyberscammers and malware operators abusing Google Forms: 

1.       Phishing: Despite the fact that Google warns users on every page of a form not to enter password details, Sophos found several examples where attackers tried to convince potential victims to enter their credentials into a Google Form laid out to resemble a login page. These forms were often tied to malicious spam campaigns.

2.       Malicious spam campaigns: One of the largest sources of Google Forms links in spam were “unsubscribe” links in scam-related marketing emails. Sophos has intercepted a number of spam-based phising campaigns that targeted Microsoft online accounts, including Office365. The spam claimed that recipients’ email accounts were about to be shut down if they were not immediately verified, and offered a link to a Google Form that asked the user to enter their Microsoft credentials. These Google Forms pages were decorated with Microsoft graphics but, still, clearly a Google Form.

3.       Payment card data theft: Entry-level scammers use Google Forms’ ready-made design templates to attempt to steal payment data through faked “secure” e-commerce pages.

4.       Potentially Unwanted Applications (PUAs), such as adware: The researchers discovered a number of PUAs targeting Windows users. These apps use Google Forms pages surreptitiously, with the web requests collected and submitted to forms automatically without any need for user interaction.

5.       Fake user interfaces for malicious Android apps: Sophos found some malicious Android applications that made use of Google Forms to capture data without having to code a back-end website. Most of these were adware or PUAs. For instance, the researchers found “SnapTube,” a video app that generates revenue for the developer through web advertising fraud and which includes a Google Forms page for user feedback.

6.       Data removal: The researchers uncovered a number of more sophisticated threats abusing Google Forms. This included malicious Windows applications that used web requests to Google Forms pages to ‘push’ stolen data from computers to a Google spreadheet via Google Forms.

7.       Part of the wider malicious cyberattack infrastructure: Sophos telemetry has detected a number of PowerShell scripts interacting with Google Forms. We were able to prototype how PowerShell scripts could be used to scrape Windows profiling data from a computer and submit it to a Google Forms form automatically. 

“Google frequently shuts down accounts associated with a mass abuse of applications, including Google Forms,” said Gallagher. “However, the kind of low-volume, targeted use of Forms by some malware could stay under the radar. Business defenders need to be alert to this threat and apply caution whenever they see links to Google Forms, or any other legitimate services trying to obtain credentials, and they should not inherently trust TLS traffic to ‘known good’ domains such as”

Sophos products, including Intercept X for endpoints, defend against most malicious spam that carry forms-based phishing campaigns and detect the behaviors of system information collection discussed in the new research. 

Sophos also advises consumers to install a security solution, such as Sophos Home, on the devices that they and their families use for online communications and gaming to protect everyone from malware and cyberthreats.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


Autochek Officially Launches in Kenya



Autochek, the automotive technology company that aims to facilitate auto finance across Africa, has officially widened its operations to Kenya as part of its pan-African expansion. To lead its Kenya operations, Autochek has appointed Bilhah Muriithi as the Country Manager. Having recently acquired automotive marketplaces Cheki Kenya and Cheki Uganda from ROAM Africa (Ringier One Africa Media), the move into the Kenyan market signals Autochek’s focus on building digital solutions that will increase market adoption for auto loan financing and drive partner prosperity for its core stakeholders, such as dealerships, garages and financial institutions. 

With credit penetration in Kenya at 27.5% and over 400,000 car sales per annum, East Africa’s growing market is positioned as a key auto financing hub.

Autochek will leverage its 360-degree automotive solutions to provide vehicle financing and after-sales services through its finance partners such as NCBA Group, Caritas MFB, KKVL, Musoni and Sidian.

With Cheki Kenya’s operations fully integrated with Autochek’s, the company now has over 12,000 unique vehicles listed on the Autochek app and have onboarded licensed brand new car manufactures (Inchcape, CFAO Group  & CMC Motors) as well as used car dealers (Al Rahim, Autobox, Newton, Mombasa Khushi & Canon Motors). To ensure vehicles are kept in good condition, customers in Kenya can access affordable and expert maintenance services from standardised workshops (AutoXpress, Motor Consult, Kei Cars & ) and insurance partners( PesaBazaar & MTEK) via Autochek’s partner network.

Speaking at the official launch event in Nairobi, Etop Ikpe, Founder and CEO of Autochek stated “With a high credit penetration rate, Kenya is an exciting market for us to be expanding into. The Kenyan market presents an opportunity for us to build on what Cheki Kenya has done over the last decade and to build technology solutions that will drive growth in Africa’s automotive industry.

“We’ve had great success in our pilots by adapting and tailoring our solutions for different consumers. As we expand our operations in Kenya, we are excited to welcome Bilhah on board, who we found to be a strong leader with a solid background in the finance and automotive sector, and is equipped to lead the team in Kenya as we continue to expand our footprint across East Africa and beyond.”

Having started her career at Cheki Kenya, Bilhah joins Autochek from NCBA BANK PLC, Digital Business, where she was responsible for running the Carduka portal, an online motor vehicle platform, as the Business Manager. With over 9 years of experience, Bilhah has built her leadership acumen working with digital brands in Kenya. As Country Manager, Bilhah will be responsible for overall oversight of the business, growing the marketplace by ensuring that Autochek has all mainstream car dealers, all auto lenders, all car buyers, all insurance & tracking companies.

Commenting on her new role as Country Manager, Bilhah Muriithi said: “We foresee great opportunities in Kenya – not just for Autochek, but also for key stakeholders and consumers. By moving into Kenya, we are able to deliver great opportunities for innovation. I am excited to be joining this highly motivated team, who are passionate about making a real impact across the continent.”

Joining Bilhah, Etop and the Autochek team at the launch event themed “Leveraging Financing to Facilitate Motorization Across Africa” were representatives from key stakeholders including Dr.(Eng) Joseph K.Njoroge, Principal Secretary, State Department of Transport, Major Kipchumba, Chair Kenya Car Bazaar, Hussein Ibrahim, MD, Inchcape, Andreata Muforo-TLCOM Capital & Tony Voorhout, MD, Nissan Kenya.

Launched in 2020 and backed by TLcom Capital and 4DX Ventures, Autochek combines technology underpinned by data analytics to deepen auto finance penetration across the continent. Powered by its residual value algorithm, Autochek is able to pre-qualify customers for financing and disburse auto loans within 48 hours through a single application process. Autochek’s in-house digital solutions have enabled the platform to partner with over 68 financial institutions, build a 1,000 strong dealer network integrated with 1,000 workshop networks in Nigeria, Ghana and Kenya.  

Continue Reading


Telecom Operators To Pay $197.4m For 5G 3.5GHz Spectrum



Telecom operators will pay a whopping $197.4 million to the Nigerian Communications Commission (NCC) for the Fifth Generation (5G) 3.5GHz spectrum.

The industry regulated in a draft hinted that it might offer two lots of 100MHz each in the 3.5 GHz band ranging from 3500 to 3600 MHz and 3700 to 3800 MHz for auction prelude to the 5G network deployment in the country.

In the 80-page document, the commission informed that the “Generic Reserve Price (GR) is the minimum price at which a lot shall be sold, adding: “This is the Reserve Price for one lot of 100 MHz and has a value of $197,400,000.00 ($197.4 million) or its equivalent in naira at the prevailing Central Bank of Nigeria (CBN) rates at the time of the auction.”

It stressed that each lot of 1×100 MHz represents an eligibility point. The IM defines the process for the licensing of spectrum in the 3.5 GHz band by the NCC.

The commission explained that the assignment would comprise a sale to be held in Abuja from December 13, 2021 as an Ascending Clock Auction with exit bids. Mock auction is billed for December 6.

According to the regulator, the spectrum lot, won by every bidder, would be assigned on a nationwide basis, consisting of the 36 states and the Federal Capital Territory (FCT).

However, the NCC said the IM “is for information purposes only.”

The organisation added: “It is not intended to form the sole basis of an investment decision and should not be considered as a recommendation by the commission to any stakeholder to participate in the auction.”

Continue Reading


TLcom Announces 3rd Africa Tech Female Founder Summit



TLcom Capital, the Africa-focussed venture capital firm, has officially announced the launch of the 2021 Africa Tech Female Founder Summit, which will be held virtually on Wednesday 13th October 2021. The keynote session is headlined by Julia Gillard, former Prime Minister of Australia and Chair of Andela, who will discuss how founders should think about establishing and working with their boards from early stage growth to scale. With the event now being held for the third successive year, TLcom has opened applications for female tech founders across Africa and the Diaspora to attend this year’s virtual summit, which also features female C-Suite executives from Africa’s leading tech startups including Desiree Craig of uLesson, Mayokun Fadeyibi of Autochek, Kristen Kelly of Terragon, and Susan Kiama of Twiga Foods.

Themed “Board and C-Suite Matters – Counsel, Coach and Collaborate”, the third Female Founder Summit will deliver expert insights on how to build and leverage a senior team and board to drive strong execution and growth. The goal of the summit is to build an even larger community of female tech founders in Africa that can be a support for one another as they scale their businesses. Julia Gillard’s keynote will be followed by an open Q&A session with attendees as well as a panel discussion on how to attract, motivate and retain high-quality senior talent,moderated by Eloho Omame, co-founder of FirstCheck Africa. .

Speaking on the event, Omobola Johnson, Senior Partner at TLcom Capital, says, “Over the last 18 months, African tech has broken into a completely new threshold of investment activity and as the ecosystem continues to mature, founders are being exposed to an entirely new set of challenges. From our conversations with entrepreneurs in our network, the most pressing of these issues lie in building a core team both above and below a founder and ensuring they all work in the interests of the organisation. If we want our sector to continue on its current trajectory, it’s vital we equip founders to successfully execute these processes both in terms of establishing a more deliberate C-Level hiring strategy and effectively partnering with their boards to amplify the value generation process for their businesses.”  

Due to the global pandemic, TLcom’s 2020 Female Founder Summit was also held as a virtual event with over 100 tech female entrepreneurs and executives from across the continent gathering to experience the power of connecting, learning and being a resource to each other. The 2021 virtual conference has been complemented by local networking cocktail events in Nairobi and Lagos.

Andreata Muforo, Partner at TLcom Capital, adds “Whilst the evolution of a board may present a new journey for founders across African tech, we cannot deny that there are fundamental differences in how female entrepreneurs are viewed in these settings. Women in leadership still have to deal with harmful stereotypes and biases irrespective of their position but a strong and supportive network can make a huge difference in this journey. This is why the Female Founder Summit is so important as nobody understands our experiences like other women and in Julia, and our incredible panellists, we’re delighted to have people who can not only identify with our attendees, but can also share expert strategies on how to navigate these spaces.”

TLcom’s TIDE Africa Fund, which is one of the most active funds across Sub-Saharan Africa, boasts a leadership team which is 50% female and has actively supported female founders not only through its annual summit, but notably through its recent investments in female-led startups over the last 18 months such as Okra and Pula. The fund also recently welcomed the first unicorn into its portfolio after Andela’s $200mn Series E round valued the company at $1.5bn. 

Currently, TLcom manages total commitments of approximately 200mn USD and holds eleven African startups in its portfolio including Andela, Ajua, Autochek, Ilara Health, Kobo360, Okra, Pula, Shara, Terragon Group, Twiga Foods and uLesson. With an on-the-ground presence in Kenya and Nigeria as well as offices in the UK, the firm invests across all stages of the venture capital cycle and a wide range of industries including agriculture, education, data analytics and logistics.   

Continue Reading