Security News > 2022 > January > Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign

Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign
2022-01-12 21:04

Cyberattackers are abusing Amazon Web Services and Azure Cloud services to deliver a trio of remote access trojans, researchers warned - all aimed at hoovering up sensitive information from target users.

"When the initial script is executed on the victim's machine, it connects to a download server to download the next stage, which can be hosted on an Azure Cloud-based Windows server or an AWS EC2 instance."

The actor behind this campaign maintains a distributed infrastructure consisting of download servers, command-and-control servers and malicious subdomains, researchers noted.

The downloading servers are the ones hosted on Microsoft Azure and AWS cloud services.

The campaign uses a range of other dropper trojans as well, including a batch-file downloader and a VBScript downloader.

"The batch script contains an obfuscated command that runs PowerShell to download and run a payload from a download serveron Azure Cloud," researchers said.


News URL

https://threatpost.com/amazon-azure-clouds-rat-infostealing/177606/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Amazon 64 9 60 39 13 121