Lurking Malice in the Cloud

[morganism]

Interesting, they are using separate containers, and only assemble a package right before delivery.

http://sciencebulletin.org/archives/6542.html

Xiaojing Liao, et al., “Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service,” ACM Conference on Computer and Communications Security (CCS).

[barbaz]

Apparently I'm not techie enough to fully understand that article. Would these these cloud services be like, Github type stuff, Google Drive type stuff, or what?

I get that the evil-doers are splitting up the malware among different storages. But what's the other thing it says they're doing? And how would I, as a normal user, spot it?

[Thrawn]

It's not as sensational as the first line suggests, "10 percent of the repositories hosted by them had been compromised". The main point of the article is that malware authors are cloud-hosting their malware instead of self-hosting it.

The fact that they can split malware into pieces that individually look innocuous is interesting, but mostly relevant for antivirus and similar products. A strong NoScript policy will work the same way as usual.