Wednesday, April 17, 2024
HomeCyber CrimeHackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware

Hackers Use Cloud Services to Distribute Nanocore, Netwire, and AsyncRAT Malware

Threat actors are using Amazon and Microsoft’s public cloud services into their harmful campaigns to deliver commodity remote access trojans (RATs) like Nanocore, Netwire, and AsyncRAT to syphon sensitive data from victim systems.

Researchers from Cisco Talos claimed in a study provided with The Hacker News that the spear-phishing assaults, which began in October 2021, have predominantly targeted companies in the United States, Canada, Italy, and Singapore.

Employing existing infrastructure to support invasions is becoming more common as it eliminates the need for attackers to run their own servers, not to mention using it as a cloaking device to avoid detection by security solutions.

Collaboration and communication applications such as Discord, Slack, and Telegram have recently found their way into many an infection chain to takeover and exfiltrate data from victim machines. In this light, cloud platform abuse is a tactical extension that attackers can utilise as a first step into a wide range of networks.

“There are several fascinating components to this particular effort, and it speaks to some of the things we regularly see utilised and misused by malicious actors,” said Cisco Talos’ head of outreach, Nick Biasini, in an email to The Hacker News.


“From the abuse of dynamic DNS for command-and-control (C2) activities to the use of cloud infrastructure to host malware. Furthermore, the layers of obfuscation reflect the current status of illegal cyber activities, in which it takes a lot of study to get down to the attack’s final payload and goals.”

It all starts with an invoice-themed phishing email containing a ZIP file attachment that, when opened, initiates an attack sequence that downloads next-stage payloads hosted on an Azure Cloud-based Windows server or an AWS EC2 instance, culminating in the deployment of various RATs such as AsyncRAT, Nanocore, and Netwire.

The use of DuckDNS, a free dynamic DNS service, to generate malicious subdomains to deliver malware is also noteworthy, with some of the actor-controlled malicious subdomains resolving to the download server on Azure Cloud and other servers serving as C2 for RAT payloads.


“Malicious actors are opportunistic,” Biasini explained, “and will always be seeking for new and imaginative ways to both host malware and infect victims.” “This pattern includes the exploitation of platforms like Slack and Discord, as well as the related cloud abuse. We frequently see hijacked websites being used to host malware and other infrastructure, demonstrating that these adversaries will use any and all ways to obtain access to victims.”





Please enter your comment!
Please enter your name here

Most Popular

Recent Comments

Izzi Казино онлайн казино казино x мобильді нұсқасы on Instagram and Facebook Video Download Made Easy with
Temporada 2022-2023 on CamPhish
2017 Grammy Outfits on Meesho Supplier Panel: Register Now!
React JS Training in Bangalore on Best Online Learning Platforms in India
DigiSec Technologies | Digital Marketing agency in Melbourne on Buy your favourite Mobile on EMI
亚洲A∨精品无码一区二区观看 on Restaurant Scheduling 101 For Better Business Performance

Write For Us