{“lastseen”:”2026-02-03T12:05:07″,”description”:”Last week we talked about an app that promises users they can make money testing games, or even just by scrolling through TikTok.\\n\\nImagine our surprise when we ended up on a site promoting that same Freecash app while investigating a \u201ccloud storage\u201d phish. We\u2019ve all probably seen one of those. They’re common enough and according to recent investigation by BleepingComputer, there\u2019s a \\n\\n\\u003e \u201clarge-scale cloud storage subscription scam campaign targeting users worldwide with repeated emails falsely warning recipients that their photos, files, and accounts are about to be blocked or deleted due to an alleged payment failure.\u201d\\n\\nBased on the description in that article, the email we found appears to be part of this campaign.\\n\\n\\n\\nThe subject line of the email is:\\n\\n\u201c{Recipient}. Your Cloud Account has been locked on Sat, 24 Jan 2026 09:57:55 -0500. Your photos and videos will be removed!\u201d\\n\\nThis matches one of the subject lines that BleepingComputer listed.\\n\\nAnd the content of the email:\\n\\n\\u003e \u201c**Payment Issue – Cloud Storage**\\n\\u003e \\n\\u003e **Dear User,**\\n\\u003e \\n\\u003e We encountered an issue while attempting to renew your Cloud Storage subscription.\\n\\u003e \\n\\u003e **Unfortunately, your payment method has expired.** To ensure your Cloud continues without interruption, please update your payment details.\\n\\u003e \\n\\u003e **Subscription ID:** 9371188\\n\\u003e \\n\\u003e **Product:** Cloud Storage Premium\\n\\u003e \\n\\u003e **Expiration Date:** Sat,24 Jan-2026\\n\\u003e \\n\\u003e If you do not update your payment information, you may lose access to your Cloud Storage, which may prevent you from saving and syncing your data such as photos, videos, and documents.\\n\\u003e \\n\\u003e Update Payment Details {link button}\\n\\u003e \\n\\u003e **Security Recommendations:**\\n\\u003e \\n\\u003e * Always access your account through our official website\\n\\u003e * Never share your password with anyone\\n\\u003e * Ensure your contact and billing information are up to date\u201d\\n\\u003e \\n\\n\\nThe link in the email leads to `https:\/\/storage.googleapis[.]com\/qzsdqdqsd\/dsfsdxc.html#\/redirect.html`, which helps the scammer establish a certain amount of trust because it points to Google Cloud Storage (GCS). GCS is a legitimate service that allows authorized users to store and manage data such as files, images, and videos in buckets. However, as in this case, attackers can abuse it for phishing.\\n\\nThe redirect carries some parameters to the next website.\\n\\n\\n\\nThe `feed.headquartoonjpn[.]com` domain was blocked by Malwarebytes. We’ve seen it before in an earlier campaign involving an Endurance-themed phish.\\n\\n\\n\\nAfter a few more redirects, we ended up at `hx5.submitloading[.]com,` where a fake CAPTCHA triggered the last redirect to `freecash[.]com`, once it was solved.\\n\\n\\n\\nThe end goal of this phish likely depends on the parameters passed along during the redirects, so results may vary.\\n\\nRather than stealing credentials directly, the campaign appears designed to monetize traffic, funneling victims into affiliate offers where the operators get paid for sign-ups or conversions.\\n\\nBleepingComputer noted that they were redirected to affiliate marketing websites for various products.\\n\\n\\u003e \u201cProducts promoted in this phishing campaign include VPN services, little-known security software, and other subscription-based offerings with no connection to cloud storage.\u201d\\n\\n## How to stay safe\\n\\nIronically, the phishing email itself includes some solid advice:\\n\\n * Always access your account through our official website.\\n * Never share your password with anyone.\\n\\n\\n\\nWe’d like to add:\\n\\n * Never click on links in unsolicited emails without verifying with a trusted source.\\n * Use an up-to-date, real-time anti-malware solution with a web protection component.\\n * Do not engage with websites that attract visitors like this.\\n\\n\\n\\nPro tip: Malwarebytes Scam Guard would have helped you identify this email as a scam and provided advice on how to proceed.\\n\\n## Redirect flow (IOCs)\\n\\n`storage.googleapis[.]com\/qzsdqdqsd\/dsfsdxc.html`\\n\\n`feed.headquartoonjpn[.]com`\\n\\n`revivejudgemental[.]com`\\n\\n`hx5.submitloading[.]com`\\n\\n`freecash[.]com`\\n\\n* * *\\n\\n**We don ‘t just report on scams\u2014we help detect them**\\n\\nCybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we\u2019ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!”,”published”:”2026-02-03T10:38:35″,”modified”:”2026-02-03T10:38:35″,”type”:”malwarebytes”,”title”:”A fake cloud storage alert that ends at Freecash”,”source”:””,”references”:””,”id”:”MALWAREBYTES:D0268C4CCA7ED6EDDD3E824ABBBAFEB9″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2026\/02\/a-fake-cloud-storage-alert-that-ends-at-freecash”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-03T12:05:07″,”description”:”Last week we talked about an app that promises users they can make money testing games, or even just by scrolling through TikTok.\\n\\nImagine our surprise…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-38727","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n