Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware

Tags

External References

• https://www.securonix.com/
• https://otx.alienvault.com/

Description

Securonix Threat Research has uncovered a sophisticated malware campaign, dubbed CLOUD#REVERSER, that leverages popular cloud storage services like Google Drive and Dropbox for malware delivery, command execution, and data exfiltration. The infection chain starts with a phishing email containing a malicious zip attachment disguised as a Microsoft Office document. The malware employs various obfuscation techniques, including VBScript and PowerShell stages, to establish persistence, communicate with attacker-controlled servers, and dynamically fetch additional payloads. The threat actors utilize cloud platforms as conduits for executing commands and exfiltrating sensitive data while blending into normal network traffic.

Date