Custom malware used by the APT known as DarkHydrus employs a mix of novel techniques, including the use of Google Drive as an alternate command-and-control (C2) channel. The targeted attack involved spear-phishing emails written in Arabic, sent to organizations with macro-enabled Excel documents carrying .xlsm file extensions. Once executed, the document fetches a custom payload dubbed RogueRobin; the malware has previously been seen in a PowerShell-based form, while this campaign uses a new form of the malware written in C#.
Source: https://threatpost.com/roguerobin-google-drive-c2/141079/