According to CryptoPotato, well-known software development company Retool recently disclosed that 27 of its cloud customers became victims of a targeted SMS phishing attack. The attack has raised concerns about the security of cloud sync features, especially the cloud sync feature of Google Authenticator.

On August 27, attackers launched a SMS phishing campaign targeting Retool employees. The attackers impersonated members of the IT team and tricked recipients into clicking on a legitimate-looking link to resolve a payroll-related issue. An employee fell for it and was directed to a fake login page with a multi-factor authentication form, where his login credentials were stolen.

The attacker used deep fake technology to imitate the voices of IT team members and tricked employees into revealing multi-factor authentication codes. Because employees used the cloud synchronization function of Google Authenticator, the attacker was able to access the internal management system and control the accounts of 27 cryptocurrency industry customers. One of the affected customers, Fortress Trust, suffered heavy losses, with approximately $15 million in cryptocurrency stolen.