AWS used to spread bank data malware

gallery

Cyber criminals have used Amazon Web Services (AWS) accounts to spread financial data-stealing malware, a security researcher has discovered.

The malware, hosted on AWS, appeared to have emanated from Brazil, as banks within the country were targeted, said Kaspersky Lab expert Dmitry Bestuzhev.

“The evidence indicates that the criminals behind the attack are from Brazil and they used several previously registered accounts to launch the infection,” Bestuzhev said in a blog post.

The malware spotted on AWS was able to do a variety of nasty things. As a rootkit, it attempted to disable four different anti-virus programs and a special security application used by Brazilian financial institutions for online banking.

It also attempted to steal financial data from nine Brazilian and two international banks, as well as acquire Microsoft Live Messenger credentials.

At the time of publication, Amazon had not confirmed whether the accounts used to spread the malware had been deactivated.

The findings came after some reports indicated hackers who hit Sony in April had used AWS as a platform.

Last month, Citrix chief technology officer (CTO) Simon Crosby claimed the public cloud was a safer place to store data than the private cloud.

The public cloud may also be a safer place for cyber criminals to operate, however.

“I believe legitimate cloud services will continue to be used by criminals for different kinds of cyber-attacks,” Bestuzhev added.

“Cloud providers should start thinking about better monitoring systems and expanding security teams in order to cut down on malware attacks enabled and launched from their cloud.”

Hackers could do well from using well known cloud services, as using a server with good repute will mean malware is less likely to be blocked by web filters.

Email to a friend

Print this page