Criminals for the past several weeks have been exploiting Amazon's Simple Storage Service (S3) cloud offering to spread SpyEye malware.
Amazon S3, a paid web service that enables users to store data or files in the cloud, has been heavily abused this month, according to Kaspersky Lab malware analyst Jorge Mieres.
SpyEye is an online banking trojan designed to steal money from victims' bank accounts. The malware is capable of evading sophisticated anti-fraud systems put in place by financial institutions.
Amazon S3 was included in domain names that distribute SpyEye which added legitimacy to the attacks, Mieres said. Users may not suspect they are being duped by attackers when stumbling to one of the nefarious sites.
Those behind the campaign are using stolen identity and credit card data to open Amazon accounts needed to use the web storage service.
“Despite being a paid service, the cost is not an obstacle for profitable attackers,” Mieres said.
Amazon could not be reached at the time of publication. Kaspersky Lab, however, has reported the malicious domains to the cloud computing giant.
Online vandals regularly abuse cloud services as part of their operations, Mieres said. Many other cloud services offer free content hosting, making it even easier for cybercriminals.
Malicious actors have in the past leveraged Amazon's Elastic Compute Cloud (EC2) service as the command-and-control server for Zeus, another prevalent banking trojan.