ramimac / aws-customer-security-incidents

A repository of breaches of AWS customers
GNU General Public License v3.0

Cloud creds stealer #124

Open christophetd opened 11 months ago

christophetd commented 11 months ago

https://securelist.com/backdoored-free-download-manager-linux-malware/110465/

This stealer collects data such as system information, browsing history, saved passwords, cryptocurrency wallet files, as well as credentials for cloud services (AWS, Google Cloud, Oracle Cloud Infrastructure, Azure).

ramimac commented 11 months ago

I'm going to leave this open, but not add.

I think "opportunistically grabs AWS credentials" doesn't quite rise to the level of tracking -- versus "targets AWS hosted infrastructure", if that distinction makes sense?

My understanding is that most stealers will pick up the credentials file if it's lying around.

christophetd commented 11 months ago

Yep makes sense. Thanks