Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware

released on 2024-05-22 @ 07:39:57 AM
Securonix Threat Research has uncovered a sophisticated malware campaign, dubbed CLOUD#REVERSER, that leverages popular cloud storage services such as Google Drive and Dropbox for malware delivery, command execution, and data exfiltration. The infection chain starts with a phishing email carrying a malicious zip attachment disguised as a Microsoft Office document. The malware employs several obfuscation techniques across its VBScript and PowerShell stages to establish persistence, communicate with attacker-controlled servers, and dynamically fetch additional payloads. The threat actors use the cloud platforms as conduits for executing commands and exfiltrating sensitive data, so that the traffic blends in with normal network activity.