AWS used to spread bank data malware

A Kaspersky researcher spies some malware hosted on AWS targeting bank data.

Malware

Cyber criminals have used Amazon Web Services (AWS) accounts to spread financial data-stealing malware, a security researcher has discovered.

The malware, hosted on AWS, appeared to have emanated from Brazil, as banks within the country were targeted, said Kaspersky Lab expert Dmitry Bestuzhev.

"The evidence indicates that the criminals behind the attack are from Brazil and they used several previously registered accounts to launch the infection," Bestuzhev said in a blog post.

The malware spotted on AWS was able to do a variety of nasty things. As a rootkit, it attempted to disable four different anti-virus programs and a special security application used by Brazilian financial institutions for online banking.

It also attempted to steal financial data from nine Brazilian and two international banks, as well as acquire Microsoft Live Messenger credentials.

At the time of publication, Amazon had not confirmed whether the accounts used to spread the malware had been deactivated.

The findings came after some reports indicated hackers who hit Sony in April had used AWS as a platform.

Last month, Citrix chief technology officer (CTO) Simon Crosby claimed the public cloud was a safer place to store data than the private cloud.

The public cloud may also be a safer place for cyber criminals to operate, however.

"I believe legitimate cloud services will continue to be used by criminals for different kinds of cyber-attacks," Bestuzhev added.

"Cloud providers should start thinking about better monitoring systems and expanding security teams in order to cut down on malware attacks enabled and launched from their cloud."

Hackers could do well from using well known cloud services, as using a server with good repute will mean malware is less likely to be blocked by web filters.

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

Everything you need to know about Citrix
software as a service (SaaS)

Everything you need to know about Citrix

11 Feb 2020
Sopra Steria cyber attack costs to hit €50 million
Security

Sopra Steria cyber attack costs to hit €50 million

26 Nov 2020
Sophos warns customers of potential data leak
Security

Sophos warns customers of potential data leak

26 Nov 2020
Weekly threat roundup: VMware, GitHub, Facebook, and MobileIron
Security

Weekly threat roundup: VMware, GitHub, Facebook, and MobileIron

26 Nov 2020

Most Popular

80% of cyber professionals say the Computer Misuse Act is working against them
Security

80% of cyber professionals say the Computer Misuse Act is working against them

20 Nov 2020
Cisco acquires container security startup Banzai Cloud
Security

Cisco acquires container security startup Banzai Cloud

18 Nov 2020
Weekly threat roundup: Cisco, BlueKeep, Apache Unomi
Security

Weekly threat roundup: Cisco, BlueKeep, Apache Unomi

19 Nov 2020