Microsoft Azure cloud services have become an excellent choice for cybercriminals who need to store somewhere malicious content.From fishing templates to malware and C&C command servers, it looks like the attackers have found suitable storage for all of this.
“Not only is Azure hosting malware, it is also functioning as the command and control infrastructure for the malicious files”, — says David Pickett from AppRiver.
Earlier has already been mentioned connection of cybercriminals with Azure. For example, about 200 fake tech support sites were hosted on this platform. There was also a case where Azure was used to store fishing templates for Office 365.
It turned out that these are not isolated cases as JayTHL and MalwareHunterTeam security researchers found a malicious program on Azure, which was immediately reported by Microsoft.
“It is clear that at the moment, Azure does not detect malicious programs hosted on Microsoft servers,” – explains David Pickett.
Researchers downloaded “Searchfile.exe”, one of the found samples, on VirusTotal. It turned out that Windows Defender does not detect this malware.