Amazon used to spread bank-stealing trojan

By

Amazon gives legitimacy to scams.

Criminals for the past several weeks have been exploiting Amazon's Simple Storage Service (S3) cloud offering to spread SpyEye malware.

Amazon used to spread bank-stealing trojan

Amazon S3, a paid web service that enables users to store data or files in the cloud, has been heavily abused this month, according to Kaspersky Lab malware analyst Jorge Mieres.

SpyEye is an online banking trojan designed to steal money from victims' bank accounts. The malware is capable of evading sophisticated anti-fraud systems put in place by financial institutions.

Amazon S3 was included in domain names that distribute SpyEye which added legitimacy to the attacks, Mieres said. Users may not suspect they are being duped by attackers when stumbling to one of the nefarious sites.

Those behind the campaign are using stolen identity and credit card data to open Amazon accounts needed to use the web storage service.

“Despite being a paid service, the cost is not an obstacle for profitable attackers,” Mieres said.

Amazon could not be reached at the time of publication. Kaspersky Lab, however, has reported the malicious domains to the cloud computing giant.

Online vandals regularly abuse cloud services as part of their operations, Mieres said. Many other cloud services offer free content hosting, making it even easier for cybercriminals.

Malicious actors have in the past leveraged Amazon's Elastic Compute Cloud (EC2) service as the command-and-control server for Zeus, another prevalent banking trojan.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?