Dropbox cited as command centre for Taiwanese Trojan

Dropbox is being used as a command and control centre for a remote access Trojan (RAT) that is targeting the Taiwanese Government.

The RAT, known as PlugX, is the first attack to use Dropbox as a host for updates to a command and control centre.

PlugX logs the victim’s keystrokes, maps ports and opens remote shells in a network in order to clear the way for more data to be stolen in further attacks.

Once command and control links are established, attackers can move laterally within a company’s network to avoid detection, malware analyst Maersk Menrige wrote in a post online.

A second variant of PlugX disrupted anti-virus systems, locked away forensics capabilities and disguised itself within domains until it was made live by the creators.

Dropbox is already in hot water following the news that hackers are hosting malware on its services and spamming dangerous links to unsuspecting victims.

The initial versions of the PlugX malware were identified as early as 2008, but this is the first time it has been used in this way, according to Maersk.

With Dropbox being an easily recognisable brand name, victims are more likely to click on links originating from it, something criminals are keen to exploit.

A Dropbox spokesperson told Cloud Pro: "We will act quickly in response to abuse reports and are constantly improving how we detect and prevent Dropbox users from sharing spam, malware or phishing links.

"[We] will revoke the ability to share links from any accounts that violate our acceptable use policy."

The news will not be welcomed by cloud storage users, whose confidence in Dropbox is at an all-time low. A recent survey found that a majority of enterprise firms see the storage service as a direct threat to their security.
