A cloudy campaign delivers commodity remote-access trojans to steal information and execute code.
Cyberattackers are abusing Amazon Web Services (AWS) and Azure Cloud services to deliver a trio of remote access trojans (RATs), researchers warned – all aimed at hoovering up sensitive information from target users.
According to an analysis from Cisco Talos, threat actors have been pushing out variants of the malware known as AsyncRAT, Netwire and Nanocore since October, mainly to targets in Italy, Singapore and the United States. A few of the targets have been in South Korea and Spain as well, according to the firm.
As in many campaigns, the attacks start with a phishing email containing a malicious .ZIP attachment, researchers said. But the attackers have a cloud-based trick up their sleeve.
Clouding the (Malicious)