Hackers use Dropbox to spread malware
26 June 2014, 12:07
Cape Town - Cyber criminals are shifting their strategy to include cloud-based services as a means of launching attacks on computers, new research has revealed.
In a post, security firm Trend Micro said it had found that hackers had been abusing online storage utility Dropbox to download command and control (C&C) settings for malware.
Given that the platform offers free and anonymous storage, it has been an ideal platform to host malware which could be used to launch attacks.
"When BKDR_PLUGX.ZTBF-A is executed, it performs various commands from a remote user, including keystroke logs, perform port maps, remote shell, etc., leading to subsequent attack cycle stages. Typically, remote shell enables attackers to run any command on the infected system in order to compromise its security," wrote Maersk Menrige, threats analyst at Trend Micro.
Dropbox has over 300 million users globally, and its growth has been accelerating as internet access becomes more widely available. The platform offers 2GB of free online storage, requesting only an e-mail address.
Trend Micro discovered that in 2013, the service was abused to launch an attack against a Taiwanese government agency, but the latest instance indicates that cyber criminals are using Dropbox to update C&C settings.
"The use of Dropbox aids in masking the malicious traffic in the network because this is a legitimate website for storing files and documents. We also found out that this malware has a trigger date of May 5 2014, which means that it starts running from that date. This is probably done so that users won’t immediately suspect any malicious activities on their systems," said Menrige.
- Follow Duncan on Twitter