Criminals abusing Amazon cloud to spread SpyEye

Criminals for the past several weeks have been exploiting Amazon's Simple Storage Service (S3) cloud offering to spread SpyEye malware, according to researchers at anti-virus firm Kaspersky Lab.

Amazon S3, a paid web service that enables users to store data or files in the cloud, has been heavily abused this month, Jorge Mieres, a malware analyst at Kaspersky Lab, told SCMagazineUS.com in an email Friday.

SpyEye is an online banking trojan designed to steal money from victims' bank accounts. The malware is capable of evading sophisticated anti-fraud systems put in place by financial institutions.

Amazon S3 is being used by criminals to host malicious sites that distribute SpyEye, Mieres said. The rogue URLs contain “Amazon S3” in their domain names, adding legitimacy to the attack.

As a result, users may not suspect they are being duped by attackers when stumbling to one of the nefarious sites, he warned.

Those behind the campaign are using stolen identity and credit card data to open Amazon accounts needed to use the web storage service.

“Despite being a paid service, the cost is not an obstacle for profitable attackers,” Mieres said.

Amazon could not be reached by SCMagazineUS.com on Friday. Kaspersky Lab, however, has reported the malicious domains to the cloud computing giant.

Online vandals regularly abuse cloud services as part of their operations, Mieres said. Many other cloud services offer free content hosting, making it even easier for cybercriminals.

Malicious actors have in the past leveraged Amazon's Elastic Compute Cloud (EC2) service as the command-and-control server for Zeus, another prevalent banking trojan.