Dropbox used as command and control for Taiwan time bomb
A remote access trojan (RAT) is using Dropbox for command and control in a targeted attack against the Taiwanese Government, malware analyst Maersk Menrige says.
The upgraded PlugX RAT is the first targeted attack to use Dropbox to update command and control settings, Menrige said, as distinct from other malware and ransomware which used the popular cloud storage platform to fling malicious files at victims.
The trojan logs a victim's keystrokes, maps ports and opens remote shells to facilitate further data theft and exploitation. "The use of Dropbox aids in masking the malicious traffic in the network because this is a legitimate website for storing files and documents," Trend Micro's Menrige said.