Cisco Talos discovers a new malware campaign using the public cloud to hide its tracks
2022-01-12 13:00

The campaign was first detected in October and is using services like AWS and Azure to hide its tracks and evade detection.

Talos, Cisco's cybersecurity research arm, reports it has detected a new malware campaign that is using public cloud infrastructure to host and deliver variants of three remote access trojans while maintaining enough agility to avoid detection.

Talos cited the public cloud services AWS and Microsoft Azure as both having played host to the malware, and the attackers also used some serious obfuscation in their downloader.

These attacks are evidence that threat actors are actively using cloud services as part of the latest form of attack, and that means trouble for vulnerable organizations.

Talos says the JavaScript version of the downloader is using four different functions to decrypt itself, and nested inside each encrypted layer is the method by which it is further decrypted.

At layer three, the decryption process uses "another obfuscated function which has multiple function calls returning values and a series of eval() functions," Talos said.


News URL

https://www.techrepublic.com/article/cisco-talos-discovers-a-new-malware-campaign-using-the-public-cloud-to-hide-its-tracks/#ftag=RSS56d97e7

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751