aws-customer-security-incidents

Cloud creds stealer

Open christophetd opened this issue 1 year ago • 2 comments

https://securelist.com/backdoored-free-download-manager-linux-malware/110465/

This stealer collects data such as system information, browsing history, saved passwords, cryptocurrency wallet files, as well as credentials for cloud services (AWS, Google Cloud, Oracle Cloud Infrastructure, Azure).

christophetd, Sep 12 '23 20:09

I'm going to leave this open, but not add

I think "opportunistically grabs AWS credentials" doesn't quite rise to the level of tracking -- versus "targets AWS hosted infrastructure", if that distinction makes sense?

My understanding is that most stealers will pick up the credentials file if it's lying around.

ramimac, Sep 20 '23 01:09

Yep makes sense. Thanks

christophetd, Sep 20 '23 06:09