A fake cloud storage alert that ends at Freecash
嗯,用户让我总结一下这篇文章的内容,控制在100字以内,而且不需要用“文章内容总结”之类的开头。首先,我得通读一下这篇文章,理解它的主要信息。 文章讲的是一个网络钓鱼活动,伪装成云存储服务的订阅问题,目的是引导用户到诈骗网站。骗子发送带有Google Cloud Storage链接的钓鱼邮件,最终将用户导向Freecash这样的应用,可能涉及 affiliate 骗局。文章还提到了如何防范这种诈骗。 接下来,我需要提取关键点:云存储钓鱼、Google Cloud Storage滥用、Freecash应用、防范建议。然后把这些信息浓缩成一句话,不超过100字。 要注意用词简洁明了,确保涵盖所有重要信息。比如,“伪装成云存储服务”说明了骗子的手法,“滥用Google Cloud Storage”指出了他们利用的技术手段,“引导至诈骗网站”说明了最终目标,“防范建议包括核实链接和使用安全软件”则提供了应对措施。 最后,检查一下字数是否符合要求,并确保语句通顺自然。 </think> 文章描述了一个伪装成云存储服务订阅问题的网络钓鱼活动,骗子通过发送包含Google Cloud Storage链接的钓鱼邮件,诱导用户点击并最终引导至诈骗网站Freecash.com。该活动利用合法服务掩盖骗局,并通过多次跳转和虚假提示获取用户信任。防范建议包括核实链接来源、避免点击可疑链接以及使用安全软件检测潜在威胁。 2026-2-3 10:38:35 Author: www.malwarebytes.com(查看原文) 阅读量:3 收藏

Last week we talked about an app that promises users they can make money testing games, or even just by scrolling through TikTok.

Imagine our surprise when we ended up on a site promoting that same Freecash app while investigating a “cloud storage” phish. We’ve all probably seen one of those. They’re common enough and according to recent investigation by BleepingComputer, there’s a

“large-scale cloud storage subscription scam campaign targeting users worldwide with repeated emails falsely warning recipients that their photos, files, and accounts are about to be blocked or deleted due to an alleged payment failure.”

Based on the description in that article, the email we found appears to be part of this campaign.

Cloud storage payment issue email

The subject line of the email is:

“{Recipient}. Your Cloud Account has been locked on Sat, 24 Jan 2026 09:57:55 -0500. Your photos and videos will be removed!”

This matches one of the subject lines that BleepingComputer listed.

And the content of the email:

Payment Issue – Cloud Storage

Dear User,

We encountered an issue while attempting to renew your Cloud Storage subscription.

Unfortunately, your payment method has expired. To ensure your Cloud continues without interruption, please update your payment details.

Subscription ID: 9371188

Product: Cloud Storage Premium

Expiration Date: Sat,24 Jan-2026

If you do not update your payment information, you may lose access to your Cloud Storage, which may prevent you from saving and syncing your data such as photos, videos, and documents.

Update Payment Details {link button}

Security Recommendations:

  • Always access your account through our official website
  • Never share your password with anyone
  • Ensure your contact and billing information are up to date”

The link in the email leads to  https://storage.googleapis[.]com/qzsdqdqsd/dsfsdxc.html#/redirect.html, which helps the scammer establish a certain amount of trust because it points to Google Cloud Storage (GCS). GCS is a legitimate service that allows authorized users to store and manage data such as files, images, and videos in buckets. However, as in this case, attackers can abuse it for phishing.

The redirect carries some parameters to the next website.

first redirect

The feed.headquartoonjpn[.]com domain was blocked by Malwarebytes. We’ve seen it before in an earlier campaign involving an Endurance-themed phish.

Endiurance phish

After a few more redirects, we ended up at hx5.submitloading[.]com, where a fake CAPTCHA triggered the last redirect to freecash[.]com, once it was solved.

slider captcha

The end goal of this phish likely depends on the parameters passed along during the redirects, so results may vary.

Rather than stealing credentials directly, the campaign appears designed to monetize traffic, funneling victims into affiliate offers where the operators get paid for sign-ups or conversions.

BleepingComputer noted that they were redirected to affiliate marketing websites for various products.

“Products promoted in this phishing campaign include VPN services, little-known security software, and other subscription-based offerings with no connection to cloud storage.”

How to stay safe

Ironically, the phishing email itself includes some solid advice:

  • Always access your account through our official website.
  • Never share your password with anyone.

We’d like to add:

  • Never click on links in unsolicited emails without verifying with a trusted source.
  • Use an up-to-date, real-time anti-malware solution with a web protection component.
  • Do not engage with websites that attract visitors like this.

Pro tip: Malwarebytes Scam Guard would have helped you identify this email as a scam and provided advice on how to proceed.

Redirect flow (IOCs)

storage.googleapis[.]com/qzsdqdqsd/dsfsdxc.html

feed.headquartoonjpn[.]com

revivejudgemental[.]com

hx5.submitloading[.]com

freecash[.]com

We don’t just report on scams—we help detect them

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!

About the author

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.


文章来源: https://www.malwarebytes.com/blog/news/2026/02/a-fake-cloud-storage-alert-that-ends-at-freecash
如有侵权请联系:admin#unsafe.sh