
Microsoft’s Azure cloud services have become an attractive option for cybercriminals to store malicious content. From phishing templates to malware and command and control services, it seems that crooks have found a new place for them.

Just this month, BleepingComputer reported on two incidents related to malware on Azure. In one case, about 200 websites showing tech-support scams were hosted on the platform. Another article, published this week, reports that Azure was being used to host a phishing template for Office 365. Because both are Microsoft products, the scam appears as a legitimate login request, increasing the success rate.

It appears that these are not isolated incidents. Security researchers JayTHL and MalwareHunterTeam found malware on Azure and reported it to Microsoft on May 12. According to cybersecurity company AppRiver, the reported piece of malware, along with other samples that were uploaded at a later time, was still present on Microsoft’s Azure infrastructure on May 29. “It's evident that Azure is not currently detecting the malicious software residing on Microsoft's servers,” says David Pickett of AppRiver.

One of the samples, ‘searchfile.exe,’ was indexed by the VirusTotal scanning service on April 26, and Windows Defender detects it. The same goes for the malware found by the two researchers, ‘printer/prenter.exe,’ which is an uncompiled portable executable file, deliberately so in order to avoid detection by gateway and endpoint security solutions upon download. However, Windows Defender will kick in and block the malicious file when users try to download it onto the machine.

JayTHL details that the sample appears to be a simple agent that runs any command it receives from the command and control server. He determined that there could be as many as 90 bots under control if their ID numbers were generated in sequential order.

 
