Aliases: Snoopy
Tags: Rootkit
Last edited: Feb 19, 2025 2:21 PM
Cloud Snooper is malware that targets both Linux and Windows servers, including those hosted on Amazon Web Services (AWS). It employs a rootkit to establish a backdoor, enabling attackers to bypass firewall restrictions and communicate with compromised systems via covert channels. The malware inspects incoming HTTP and HTTPS traffic, identifying specially crafted packets that signal commands from the attackers. This technique allows unauthorized access and data exfiltration while evading traditional security measures.