October 26, 2016 Cloudfanta Malware Stored in the Cloud Steals User Account Information


It seems that the Internet cloud is no longer a safe place for people to store important files. A piece of malware called CloudFanta has been caught roaming the web in search of its next prey. Recently, it successfully penetrated the cloud storage app Sugarsync.

Credit: Netskope.com

According to a report from the cybersecurity firm Netskope, the CloudFanta malware has been wreaking havoc in the cloud since July this year. It has been indicated that the cyber crooks running this malicious campaign were able to steal more than twenty-six thousand user account credentials. The malware also eavesdrops on an individual’s online activity in order to capture relevant financial information.

CloudFanta has taken advantage of Sugarsync’s vast customer base to increase its reach and achieve its goal in this campaign.

The operation of the CloudFanta malware is quite sophisticated. It employs the functionality of high-end computer code to perform its task. Some DLL files are hidden under the guise of an email attachment or a link in the body of the message. The unsuspecting victim either opens the attachment or simply clicks on the link. Then, a JAR file initiates the download of the DLL files without the user’s awareness. These DLL files are used to steal the victim’s information and vandalize their account.

It is difficult to detect the malware because it hides the DLL files in portable network graphics format: they come with a .png file extension. The malware is stored as a file in Sugarsync’s cloud. Hence, it is transmitted using a secured server.
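A defender can catch this kind of disguise by comparing a file's extension with its leading bytes. The sketch below is an added example, not code from the original article or from Netskope; it assumes the DLL is an ordinary Windows PE image that merely carries a .png name, and the file names and helper functions are hypothetical.

```python
import struct
import tempfile
from pathlib import Path

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"   # fixed 8-byte PNG signature
IMAGE_FILE_DLL = 0x2000            # COFF Characteristics flag for a DLL


def classify(data: bytes) -> str:
    """Return 'png', 'pe-dll', 'pe-exe' or 'unknown' from content alone."""
    if data.startswith(PNG_MAGIC):
        return "png"
    if data[:2] != b"MZ" or len(data) < 0x40:
        return "unknown"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 24:
        return "unknown"
    (flags,) = struct.unpack_from("<H", data, e_lfanew + 22)  # Characteristics
    return "pe-dll" if flags & IMAGE_FILE_DLL else "pe-exe"


def scan(root: Path) -> dict:
    """Map each *.png under root whose content is not a PNG to what it is."""
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() == ".png":
            with path.open("rb") as fh:
                kind = classify(fh.read(4096))  # headers normally sit here
            if kind != "png":
                findings[path.name] = kind
    return findings


def fake_pe(dll: bool) -> bytes:
    """Constructed sample: only the header bytes that classify() inspects."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, 0x2002 if dll else 2)
    return dos + b"PE\0\0" + coff


def demo() -> dict:
    """Scan a scratch directory of constructed files (assumed names)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "logo.png").write_bytes(PNG_MAGIC + b"\0" * 32)  # real PNG
        (root / "invoice.png").write_bytes(fake_pe(dll=True))    # disguised
        (root / "notes.PNG").write_bytes(b"plain text")          # mismatch
        return scan(root)
```

Calling `demo()` reports the disguised DLL and the non-image file while leaving the genuine PNG out of the findings; the same `scan()` can be pointed at a download or sync folder.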

The malware appears to be aimed at a specific group of individuals. The cybersecurity firm pointed out that it has affected mainly Brazilian users.

When a device or computer has been infected with the malware, users are directed to a fake login page after they have typed their username and password on the original login page. This is where the identity theft takes place. The user is led back to the original login page as if nothing happened, but their personal information has already been stored on the hacker’s server.

But that is just one way for CloudFanta to steal an individual’s personal information. It has another clever gimmick which it uses to capture a person’s banking details without getting caught in the web of the bank’s online security.

Since most banks use an online keyboard for users to enter their login details, the malware is able to capture this information by secretly taking a screenshot of every movement of the mouse. It is then saved into a text file which can later be used to access the user’s account and steal their banking information.

CloudFanta’s operators have also used Dropbox to distribute the malware, but they preferred to use Sugarsync because of its vast number of users. Sugarsync has already been made aware of this issue and is now cooperating with Netskope to remove the infected links.

Business organizations are strongly advised to implement robust security measures to prevent the spread of this kind of cloud-stored malware.
