Author Topic: Microsoft Azure Being Used to Host Malware and C2 Servers  (Read 319 times)
« on: June 02, 2019, 02:23:06 AM »

Microsoft’s Azure cloud services have become an attractive option for cybercriminals to store malicious content. From phishing templates to malware and command and control services, it seems that crooks found a new place for them.

Just this month, BleepingComputer reported on two incidents related to malware on Azure. In one case there were about 200 websites showing tech-support scams that were hosted on the platform.

Another article, published this week, reports Azure being used to host a phishing template for Office 365. Because both products come from Microsoft, the scam appears as a legitimate login request, increasing its success rate.

It appears that these are not isolated incidents. Security researchers JayTHL and MalwareHunterTeam found malware on Azure and reported it to Microsoft on May 12.

According to the cybersecurity company AppRiver, the reported piece of malware, along with other samples that were uploaded later, was still present on Microsoft’s Azure infrastructure on May 29.

“It's evident that Azure is not currently detecting the malicious software residing on Microsoft's servers,” says David Pickett of AppRiver.

One of the samples, ‘searchfile.exe,’ was indexed by the VirusTotal scanning service on April 26, and Windows Defender detects it.

The same goes for the malware found by the two researchers, ‘printer/prenter.exe,’ which is an uncompiled portable executable file, a deliberate choice intended to keep gateway and endpoint security solutions from detecting it on download.

However, Windows Defender will kick in and block the malicious file when users try to download it to the machine.

Pickett says that when ‘printer.exe’ is executed, the command line is invoked to run the C# compiler and thus activate the payload.

“Once running, this malicious agent generates XML SOAP requests every 2 minutes to check in and receive commands from the malicious actors’ Azure command and control site at: systemservicex[.]azurewebsites[.]net/data[.]asmx,” the researcher explains.

JayTHL details that the sample appears to be a simple agent that runs any command it receives from the command and control server. He determined that there could be as many as 90 bots under control if their ID numbers were generated in sequential order.
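As an added, defender-side illustration that is not part of the article: a small Python script that flags the check-in pattern described above (steady-cadence POSTs to an .asmx endpoint under azurewebsites.net) in constructed proxy log lines. The log format, client addresses, thresholds and the benign entries are assumptions; only the C2 hostname comes from the article.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log lines (not from the article): epoch seconds, client IP, method, URL.
SAMPLE_LOG = """\
1559440000 10.0.0.5 POST https://systemservicex.azurewebsites.net/data.asmx
1559440120 10.0.0.5 POST https://systemservicex.azurewebsites.net/data.asmx
1559440241 10.0.0.5 POST https://systemservicex.azurewebsites.net/data.asmx
1559440360 10.0.0.5 POST https://systemservicex.azurewebsites.net/data.asmx
1559440480 10.0.0.5 POST https://systemservicex.azurewebsites.net/data.asmx
1559440010 10.0.0.7 POST https://example-app.azurewebsites.net/api/data.asmx
1559440900 10.0.0.7 POST https://example-app.azurewebsites.net/api/data.asmx
1559443000 10.0.0.7 POST https://example-app.azurewebsites.net/api/data.asmx
1559440050 10.0.0.9 GET https://www.example.com/index.html
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) https?://([^/\s]+)(/\S*)?$")

def parse_log(text):
    """Yield (timestamp, client, method, host, path) tuples from the constructed log format."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, client, method, host, path = m.groups()
            yield int(ts), client, method, host.lower(), path or "/"

def find_periodic_soap_beacons(text, min_hits=4, max_jitter=0.1):
    """Return {(client, host, path): mean_interval_seconds} for clients that POST to an
    .asmx endpoint on *.azurewebsites.net at a steady cadence (low relative jitter).
    Thresholds are assumed values for this illustration, not tuned detection settings."""
    buckets = defaultdict(list)
    for ts, client, method, host, path in parse_log(text):
        if method == "POST" and host.endswith(".azurewebsites.net") and path.lower().endswith(".asmx"):
            buckets[(client, host, path)].append(ts)
    beacons = {}
    for key, stamps in buckets.items():
        if len(stamps) < min_hits:
            continue  # too few requests to judge periodicity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = avg
    return beacons

if __name__ == "__main__":
    for (client, host, path), interval in find_periodic_soap_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {host}{path}: beacon every ~{interval:.0f}s")
```

The three irregular requests from 10.0.0.7 and the plain GET from 10.0.0.9 are not flagged; only the ~120-second cadence to data.asmx is.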

Microsoft Azure would not be the first big-name platform abused to store malicious content; Google Drive, Dropbox, and Amazon’s web services are just some examples. Typically, cybercriminals compromise legitimate websites and use them to host malicious content, but they will not shy away from grabbing any opportunity to do their business, especially if little risk and effort are on the table.

