Aliases
Snoopy
Tags
Rootkit
Techniques
In-band signaling
Incidents
Cyberoam breach (2018)
References
https://news.sophos.com/en-us/2020/02/25/the-cloud-snooper-malware-that-sneaks-into-your-linux-servers/https://malpedia.caad.fkie.fraunhofer.de/details/elf.cloud_snooperhttps://www.manageengine.com/log-management/aws-cloud-snooper-attack.html
Last edited
Feb 19, 2025 2:21 PM
Cloud Snooper is a malware targeting both Linux and Windows servers, including those hosted on Amazon Web Services (AWS). It employs a rootkit to establish a backdoor, enabling attackers to bypass firewall restrictions and communicate with compromised systems via covert channels. The malware inspects incoming HTTP and HTTPS traffic, identifying specially crafted packets that signal commands from the attackers. This technique allows unauthorized access and data exfiltration while evading traditional security measures.