Microsoft Azure, Cloudflare lures leveraged to spread Latrodectus malware downloader

Threat actors have leveraged Microsoft Azure and Cloudflare lures to facilitate phishing campaigns deploying the Latrodectus malware downloader, also known as IceNova and Unidentified 111, BleepingComputer reports.

The intrusions used reply-chain phishing emails carrying either a PDF attachment posing as a document hosted on Microsoft Azure or an embedded URL, according to security researcher ProxyLife. Opening the PDF redirected targets to a fraudulent "Cloudflare security check," designed to evade email security scanners, which then triggered the download of a JavaScript file disguised as a document; that script executes an MSI file, which drops Latrodectus as a DLL.
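As an added example (not from the article or the researcher's own tooling), the script-to-MSI-to-DLL staging chain described above can be spotted by correlating process-creation events per host. The log format, the process names (wscript.exe/cscript.exe, msiexec.exe, rundll32.exe), the five-minute window and the sample events are all assumptions constructed for this illustration.

```python
# Added example: correlate process-creation events to flag a script engine
# launching msiexec, followed by msiexec launching rundll32 with a DLL path.
# Log format, process names, window and sample data are assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # assumed script interpreters
WINDOW = timedelta(minutes=5)                   # assumed correlation window


@dataclass
class ProcEvent:
    ts: datetime
    host: str
    parent: str
    image: str
    cmdline: str


# Constructed sample log: host-a shows the chain, host-b is a benign MSI install.
SAMPLE_LOG = """\
2024-06-01T10:00:01 host-a explorer.exe wscript.exe C:\\Users\\u\\Downloads\\invoice.js
2024-06-01T10:00:03 host-a wscript.exe msiexec.exe msiexec /i C:\\Users\\u\\AppData\\Local\\Temp\\pkg.msi /qn
2024-06-01T10:00:09 host-a msiexec.exe rundll32.exe rundll32 C:\\Users\\u\\AppData\\Roaming\\x.dll,run
2024-06-01T11:30:00 host-b explorer.exe msiexec.exe msiexec /i C:\\setup\\app.msi
"""


def parse_log(text: str) -> list[ProcEvent]:
    """Parse 'timestamp host parent image cmdline...' lines into events."""
    events = []
    for line in text.splitlines():
        ts, host, parent, image, cmdline = line.split(maxsplit=4)
        events.append(ProcEvent(datetime.fromisoformat(ts), host,
                                parent.lower(), image.lower(), cmdline))
    return events


def find_chains(events: list[ProcEvent]) -> list[tuple[str, datetime, datetime]]:
    """Return (host, msi_start, dll_load) for each script->msiexec->rundll32 chain."""
    hits, by_host = [], {}
    for e in events:
        by_host.setdefault(e.host, []).append(e)
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e.ts)
        for i, e in enumerate(evs):
            if e.parent not in SCRIPT_HOSTS or e.image != "msiexec.exe":
                continue
            for f in evs[i + 1:]:           # look ahead only within WINDOW
                if f.ts - e.ts > WINDOW:
                    break
                if (f.parent == "msiexec.exe" and f.image == "rundll32.exe"
                        and ".dll" in f.cmdline.lower()):
                    hits.append((host, e.ts, f.ts))
                    break
    return hits


if __name__ == "__main__":
    for host, start, end in find_chains(parse_log(SAMPLE_LOG)):
        print(f"{host}: script-launched MSI at {start} loaded a DLL at {end}")
```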

Latrodectus has so far distributed only the Lumma information stealer and the Danabot malware, but the downloader, which has been linked to the IcedID malware loader, could be used to deploy additional malicious payloads.

Given that risk, organizations should immediately disconnect devices compromised with Latrodectus from the network.
