Read Full Analysis here: CloudFanta Malware Campaign Technical Analysis
We recently published an overview blog about the CloudFanta malware campaign that uses the Sugarsync cloud storage app to deliver malware capable of stealing user credentials and monitoring online banking activities. This blog will detail the technical aspects of CloudFanta.
Although CloudSquirrel and CloudFanta malware are not similar, we believe that both malware campaigns are deployed by the same actor based on the following similarities.
We recently published an overview blog about the CloudFanta malware campaign that uses the Sugarsync cloud storage app to deliver malware capable of stealing user credentials and monitoring online banking activities. This blog will detail the technical aspects of CloudFanta.
Although CloudSquirrel and CloudFanta malware are not similar, we believe that both malware campaigns are deployed by the same actor based on the following similarities.
- Use of cloud services to download and deliver the malware and its payloads.
- Infecting users by downloading malicious payloads (32-bit and 64-bit executables) for performing data exfiltration.
- Targeting Brazilian users with the usage of similar file names such as NF-9944132-br.PDF.jar and the parameters used to communicate with the C&C server.
