Google Workspace Compromised by Crypto Conmen in Phishing Attack.

Mar 13 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s Everything Everywhere All At Once (when it comes to cybersec news!).

Today’s hottest cyber security stories:

  • Don’t read the comments! Google Workspace compromised by commenting crypto conmen
  • Joe Biden’s White House allocates $3.1 billion to fight cybercrime
  • ‘8220’ hacking group uses new ScrubCrypt Crypter to evade detection. U wot m8?


????So the BEC (business email compromise – duh) won’t let me be. Or let me be me, so let me see. They tried to shut me down on GWC (Google Workspace Comments – come on!) But it feels so empty without me… ????

Another day, another dastardly phishing expedition. Today’s comes in the form of a cyberattack on perusers of Google Workspace comment sections.

The pesky perpetrators have been busy little bees; in the past two weeks, 1,100 businesses have been targeted by these Google Workspace comment section phishing exercises, according to cybersecurity watchdog Avanan.

Specifically, threat actors (bad dudes) are using the comments sections of Google Workspace documents to bait victims and lure them into fake cryptocurrency schemes.

Google Workspace is a big mover and shaker in the business. See below for specifics re its global reach…

Google Workspace facts & figures:

  • Google Workspace is used in over 190 countries and territories
  • More than 20 million meetings are held on Google Meet every day
  • Google Drive has over 2 billion monthly active users
  • Google Docs is used by over 800 million monthly active users

What’s the 411?

Well, the hackers simply open a free Google account, add comments using Google Sheets, and insert dangerous links into them before inviting targets to click on these via email. Simples.

Avanan said: “To the end-user, this is a fairly typical email, especially if they use Google Workspace.

“And even if they don’t, it’s fairly typical, as many organisations use Google Workspace and Microsoft 365.”

Clicking on the malicious link takes the victim to the fake cryptocurrency website, where the scammers await them.

“These fake cryptocurrency sites work in a few ways,” said Avanan. “They can be straight phishing sites, where credentials will be stolen. There’s a variety of other options, whether it’s straight theft or [illegal, non-consensual] crypto-mining.”

It’s a crypto-mine field out there, folks! Mine how you go. Alright, we’ll stop.


Watch out cybercriminals, there’s a new sheriff in, you know, the thing. The White House finally seems to be taking real steps to tackle cybercrime.

Presidents have been making the right sounds about taking on the darkside of the internet as far back as George Dubya, and possibly even Bill Clinton. But he had his finger in a lot of, uh, pies.

So, there’s no big surprise that nothing tangible really happened for twenty years. But hey, ho – here we are in 2023 and the new budget goes hard on hackers. Better late than never, eh?

But, is $3.1 billion enough and will it be spent in the right places? Let’s see what the experts have to say.

Richard Bird, CSO at API security firm Traceable AI, said that while the new cybersecurity investments are welcome, it’s disappointing to see a focus on outdated ways of thinking.

He said: “Faster incident reporting is not a security improvement, no more than an alarm system that goes off two days after you have been robbed is a security improvement,” Bird explained.

“It’s time for the US government to get serious about legislating actual cyber protections for citizens and consumers in our nation instead of taking half measures and half steps like this.”

Perhaps the U.S. government needs to take a leaf out of Mike from Breaking Bad’s book: No more half measures.

The budget announcement comes days after the Biden-Harris administration published its National Cybersecurity Strategy. Here’s hoping they didn’t write it themselves.


Bit of a tongue twister this one. So, what’s the story? Here’s our quickfire rundown. Strap in, folks.

Who tf are the 8220 gang? The 8220 Gang, also known as 8220 Mining Group, is a for-profit threat group from China.

What do they do? They mainly target cloud providers and poorly secured applications with a custom-built crypto miner and IRC bot. As of late, the 8220 gang’s bread and butter, if you will, is cryptojacking attacks along with exploiting system vulnerabilities.

What’s the latest? It’s going, going back, back to… targeting Oracle Weblogic server vulnerabilities to carry out mining attacks.

Hang on, what about the ScrubCrypt bit? We thought you’d never ask. ScrubCrypt crypter, as advertised by its developer, encrypts and modifies applications so that it can bypass all security programs, such as Windows Defender, by modifying its settings.

F*ck that sh!t. Our thoughts exactly. Stay safe, true believers!

So long and thanks for reading all the phish!

footer graphic cyber security newsletter

Recent articles