Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware
May 22, 2024, 7:54 a.m.
Description
Securonix Threat Research has uncovered a malware campaign, tracked as CLOUD#REVERSER, that uses the Google Drive and Dropbox cloud storage services for payload delivery, command execution, and data exfiltration. The infection chain begins with a phishing email carrying a zip attachment whose contents are disguised as a Microsoft Office document. The malware then moves through obfuscated VBScript and PowerShell stages that establish persistence, communicate with attacker-controlled infrastructure, and dynamically fetch additional payloads. Because the command channel and the exfiltration path both run through legitimate cloud platforms, the traffic blends into normal enterprise network activity; detection therefore has to key on which process is talking to those services and how it was launched, not on the destinations alone.
Tags
Date
- Created: May 22, 2024, 7:39 a.m.
- Published: May 22, 2024, 7:39 a.m.
- Modified: May 22, 2024, 7:54 a.m.
Indicators (SHA256 file hashes; the final entry is an IPv4 address)
- f96631cdffa6ae69e5432c38778f3b93e5335a935f62939cd0094e5ccb886460
- f4275b0d3c4b6f3a165984b862f4890df14cc346013a22412f7288c9fdc65690
- beaa71057ad064e96fc9f8227a7c2a3b8d70d13e45d5908f25c066d937d5bd9d
- b89d6be0bcfb915492beb7ae726f815dcf289a284e650c200bda4faf5db60fa1
- 9b9a3da9c602bf70a60cdb9b2bca6f4472222e8431b6b5ecf82b010fe274bba3
- 91bd0f7e5af15248c1e3f2908891bbd9262753910fe4bbd61729f0c184287153
- 8955585100f75c59472e4c2c77fcddd7422400f745ae75132c81c6144aa86824
- 7bb7ca87149b6407e1e7c11c1a528a2e2147d3096337e3da6f6be130f76ff6ac
- 5f0642383ca70a3fd2c4491b2826002763e90ca25a7413869fd824e7745d0465
- 59c49f31b5f389c1c0109b0e603e2679c4f63c3f5c64432e820a50f50b80124f
- 590353941bab80f38d77b2139bc7da6888b3dff9c8817c4b7e058f50173288bf
- 51d758fc04d05b997c651f658cdd30819ef5cf795d4498fad919e75a320e72ea
- 4cb1e5ca257c709154b38704c34f4f0ade5305263fb21e6142c90c10a5764d52
- 4c37f3db024afd425301666e318c03e34f8813d21d90d95efb4018b3196d07b8
- 09fee43f923faaa30857a09c74d96fca9354653835165a01b274cad4c24460c7
- 159.100.13.216
Attack Patterns
- CLOUD#REVERSER (campaign name, not an ATT&CK technique)
- T1059.006 Command and Scripting Interpreter: Python
- T1539 Steal Web Session Cookie
- T1555.003 Credentials from Password Stores: Credentials from Web Browsers
- T1059.003 Command and Scripting Interpreter: Windows Command Shell
- T1059.001 Command and Scripting Interpreter: PowerShell
- T1547.001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
- T1070.004 Indicator Removal: File Deletion
- T1082 System Information Discovery
- T1560 Archive Collected Data
- T1041 Exfiltration Over C2 Channel
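The following is an added hunting example, not Securonix's code and not part of the original page. It turns the behaviours in the description above (a script host spawning PowerShell, hidden or encoded PowerShell launches, script interpreters connecting to Google Drive and Dropbox endpoints) and the indicator list above into rules run over Sysmon-style process-creation and network-connection events. The key=value event format, the cloud hostnames, the sample events and the placeholder hashes are assumptions constructed for this example; only the SHA256 values in IOC_SHA256 and the IP in IOC_IPS come from this page.

```python
"""Hunt for CLOUD#REVERSER-style behaviour in process and network telemetry.

Added example, not Securonix's code. Event format, cloud hostnames and the
sample events are assumptions/constructed; the SHA256 values and the IP are
taken from the indicator list on this page.
"""
import re

# Subset of the SHA256 indicators on this page, plus the single IP indicator.
IOC_SHA256 = {
    "f96631cdffa6ae69e5432c38778f3b93e5335a935f62939cd0094e5ccb886460",
    "beaa71057ad064e96fc9f8227a7c2a3b8d70d13e45d5908f25c066d937d5bd9d",
    "09fee43f923faaa30857a09c74d96fca9354653835165a01b274cad4c24460c7",
}
IOC_IPS = {"159.100.13.216"}

# Google Drive / Dropbox endpoints. The page names the services; the exact
# hostnames here are an assumption for this example.
CLOUD_DOMAINS = ("googleapis.com", "drive.google.com", "dropboxapi.com", "dropbox.com")

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Launch flags typical of obfuscated PowerShell stages: -e/-ec/-enc/-EncodedCommand
# and "-w hidden". A bare "-ep bypass" is deliberately NOT matched (too noisy).
ENCODED_PS = re.compile(r"(?i)(?:^|\s)[-/](?:e|ec|enc|encodedcommand)\b")
HIDDEN_PS = re.compile(r"(?i)(?:^|\s)[-/](?:w|win|windowstyle)\s+hidden\b")

# Sysmon-style key=value lines (EventID 1 = process create, 3 = network connect).
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample telemetry; index 1 carries an IOC hash, index 4 the IOC IP.
SAMPLE_EVENTS = [
    r'EventID=1 Image=C:\Windows\explorer.exe ParentImage=C:\Windows\System32\userinit.exe '
    r'CommandLine="explorer.exe" Hashes=SHA256=' + "00" * 32,
    r'EventID=1 Image=C:\Windows\System32\wscript.exe ParentImage=C:\Windows\explorer.exe '
    r'CommandLine="wscript.exe C:\Users\bob\AppData\Local\Temp\RFQ\launcher.vbs" '
    "Hashes=SHA256=" + "f96631cdffa6ae69e5432c38778f3b93e5335a935f62939cd0094e5ccb886460".upper(),
    r'EventID=1 Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe '
    r'ParentImage=C:\Windows\System32\wscript.exe '
    r'CommandLine="powershell.exe -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA" '
    "Hashes=SHA256=" + "11" * 32,
    r'EventID=3 Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe '
    "DestinationHostname=www.googleapis.com DestinationIp=142.250.80.42 DestinationPort=443",
    r'EventID=3 Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe '
    "DestinationHostname=- DestinationIp=159.100.13.216 DestinationPort=443",
    r'EventID=3 Image="C:\Program Files\Google\Chrome\Application\chrome.exe" '
    "DestinationHostname=www.googleapis.com DestinationIp=142.250.80.42 DestinationPort=443",
    r'EventID=1 Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe '
    r'ParentImage=C:\Windows\System32\cmd.exe '
    r'CommandLine="powershell.exe -ep bypass -File C:\Ops\backup.ps1" Hashes=SHA256=' + "11" * 32,
]


def parse_event(line):
    """Parse one key=value line into a dict; quoted values keep their spaces."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def sha256_of(ev):
    """Pull the SHA256 out of Sysmon's 'SHA256=...,MD5=...' Hashes field, lowercased."""
    for part in ev.get("Hashes", "").split(","):
        if part.upper().startswith("SHA256="):
            return part[7:].lower()
    return ""


def basename(path):
    """Lowercased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(ev):
    """Return the names of every rule the event triggers (empty list if none)."""
    hits = []
    image = basename(ev.get("Image", ""))
    if ev.get("EventID") == "1":
        parent = basename(ev.get("ParentImage", ""))
        cmd = ev.get("CommandLine", "")
        if parent in SCRIPT_HOSTS and image in POWERSHELL:
            hits.append("script_host_spawns_powershell")
        if image in POWERSHELL and (ENCODED_PS.search(cmd) or HIDDEN_PS.search(cmd)):
            hits.append("obfuscated_powershell_launch")
        if sha256_of(ev) in IOC_SHA256:
            hits.append("ioc_hash_match")
    elif ev.get("EventID") == "3":
        host = ev.get("DestinationHostname", "").lower()
        to_cloud = any(host == d or host.endswith("." + d) for d in CLOUD_DOMAINS)
        # Browsers and sync clients talk to these hosts all day; only an
        # interpreter doing so is interesting.
        if image in SCRIPT_HOSTS | POWERSHELL and to_cloud:
            hits.append("script_host_cloud_egress")
        if ev.get("DestinationIp") in IOC_IPS:
            hits.append("ioc_ip_match")
    return hits


def hunt(lines):
    """Run every rule over every line; returns (line_index, rule_name) pairs."""
    return [(i, rule) for i, line in enumerate(lines) for rule in evaluate(parse_event(line))]


if __name__ == "__main__":
    for idx, rule in hunt(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```

Run against the constructed events, the hash rule fires on the VBScript dropper (event 1), both behavioural rules fire on the PowerShell stage it spawns (event 2), the egress rule fires on PowerShell reaching the Google API host (event 3), and the IP rule on the direct connection (event 4), while Chrome reaching the same host (event 5) and an operator's `-ep bypass -File` backup script (event 6) stay quiet. The behavioural rules are the ones worth keeping: file hashes and a single IP are trivially rotated, whereas a script host launching hidden, encoded PowerShell that then talks to a cloud storage API is the shape of the campaign itself.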