Amazon cloud – host for financial data steal malware
There were rumours going around that the Amazon cloud was the platform for the Sony hackers. Now, the same services are used for financial stealing malware programs.
The evidence indicates that the criminals behind the attack is from Brazil and used in the past several accounts registered to start the infection. Unfortunately after my formal complaints to the Amazon, and waiting more than 12 hours, every malicious links is connected and active!
Criminals are more and more legitimate use cloud services for malicious purposes. In most cases, abuse them successfully.
The malware hosted on Amazon comes with a lot of different malicious code, they all fell to victim machines and act in different ways:
Acting as a rootlet – looking and deny the normal execution of four different anti-virus and security application GBPluggin particular Called and used online banking for Brazilian banks in the country by many.
Steal of nine Brazilian International Financial Reporting and banks 2.
Microsoft Live Messenger to steal credentials.
ETokens steal digital certificates used by the system.
Stealing information on the CPU, hard drive volume number, name of the PC and so on (this information is used to Being Some banks of Latin America during the sessions of the bank entry to authenticate clients.)
Two ways to filter stolen date: via e-mail to the offender Gmail account via special php and insert the remote database.
Finally, samples malicious software is protected by law against piracy Called Enigma Protector. The criminals use to make it more difficult for analysts to reverse engineer.
All samples were detected by KAV as:
I also hope that all malicious links is disabled by Amazon soon too. I think legitimate services tag will be continued criminals use for different types of cyber attacks.
Cloud providers should begin to think of better security and surveillance systems for expansion teams to reduce malicious attacks launched from outside the cloud and enabled.