Prepare for a deep dive into an entirely new, “in-the-wild” Google Drive phishing scheme that bypasses traditional defenses. This attack cleverly weaponizes the native Google Drive file-sharing mechanism to launch push-notification phishing—all without the victim ever needing to download a file or explicitly opt-in.
I will be the first to publicly detail the complete, sophisticated attack chain: from the deceptive Google Drive shared-file lure to a legitimate subscription checkout page, culminating in the generation of affiliate program revenue.
What You Will Learn:
Threat Actor Tactics: Unpacking the TTPs and attribution methods used in this campaign.
Technical Deep Dives: Practical OSINT and macOS malware analysis techniques.
The New Phishing Frontier: Understanding a class of “legitimate-looking” phishing that masterfully bridges the gray area between outright fraud and sanctioned marketing.
Actionable Defenses: Attendees will walk away with specific, implementable detections to fortify their organization’s corporate infrastructure against this threat.
Join us to see how attacker ingenuity continues to exploit the trust boundaries in modern cloud ecosystems and corporate affiliate models to generate revenue.
