Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign

2022-01-12 21:04

Cyberattackers are abusing Amazon Web Services and Azure Cloud services to deliver a trio of remote access trojans, researchers warned - all aimed at hoovering up sensitive information from target users.

"When the initial script is executed on the victim's machine, it connects to a download server to download the next stage, which can be hosted on an Azure Cloud-based Windows server or an AWS EC2 instance."

The actor behind this campaign maintains a distributed infrastructure consisting of download servers, command-and-control servers and malicious subdomains, researchers noted.

The downloading servers are the ones hosted on Microsoft Azure and AWS cloud services.

The campaign uses a range of other dropper trojans as well, including a batch-file downloader and a VBScript downloader.

"The batch script contains an obfuscated command that runs PowerShell to download and run a payload from a download serveron Azure Cloud," researchers said.

News URL

https://threatpost.com/amazon-azure-clouds-rat-infostealing/177606/

#amazon #azure #cloud #RAT

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Amazon		60	4	39	62	15	120