AWS used to spread bank data malware
A Kaspersky researcher spies some malware hosted on AWS targeting bank data.


Cyber criminals have used Amazon Web Services (AWS) accounts to spread financial data-stealing malware, a security researcher has discovered.
The malware, hosted on AWS, appeared to have emanated from Brazil, as banks within the country were targeted, said Kaspersky Lab expert Dmitry Bestuzhev.
"The evidence indicates that the criminals behind the attack are from Brazil and they used several previously registered accounts to launch the infection," Bestuzhev said in a blog post.
The malware spotted on AWS was able to do a variety of nasty things. As a rootkit, it attempted to disable four different anti-virus programs and a special security application used by Brazilian financial institutions for online banking.
It also attempted to steal financial data from nine Brazilian and two international banks, as well as acquire Microsoft Live Messenger credentials.
At the time of publication, Amazon had not confirmed whether the accounts used to spread the malware had been deactivated.
The findings came after some reports indicated hackers who hit Sony in April had used AWS as a platform.
Last month, Citrix chief technology officer (CTO) Simon Crosby claimed the public cloud was a safer place to store data than the private cloud.
The public cloud may also be a safer place for cyber criminals to operate, however.
"I believe legitimate cloud services will continue to be used by criminals for different kinds of cyber-attacks," Bestuzhev added.
"Cloud providers should start thinking about better monitoring systems and expanding security teams in order to cut down on malware attacks enabled and launched from their cloud."
Hackers could do well from using well-known cloud services, as a server with a good reputation means malware hosted on it is less likely to be blocked by web filters.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.