Dropbox cited as command centre for Taiwanese Trojan

Dropbox logo

Dropbox is being used as a command and control centre for a remote access Trojan (RAT) that is targeting the Taiwanese Government.

The PlugX RAT, as it is known, is the first attack to use Dropbox as a host for updates to a command and control centre.

PlugX logs the victim’s keystrokes, maps ports and opens remote shells in a network in order to clear the way for more data to be stolen in further attacks.

Attackers with command and control links established, malware analyst Maersk Menrige wrote in a post online, can move laterally within a company’s network to avoid detection.

A second variant of PlugX disrupted anti-virus systems, locked away forensics capabilities and disguised itself within domains until it was made live by the creators.

Dropbox is already in hot water following the news that hackers are hosting malware on its services and spamming dangerous links to unsuspecting victims.

The initial versions of the PlugX malware were identified as early as 2008 but this is the first time it had been used in this way, according to Maersk.

With Dropbox being an easily recognisable brand name, victims are more likely to click on links originating from it, something criminals are keen to exploit.

A Dropbox spokesperson told Cloud Pro: "We will act quickly in response to abuse reports and are constantly improving how we detect and prevent Dropbox users from sharing spam, malware or phishing links.

"[We] will revoke the ability to share links from any accounts that violate our acceptable use policy."

The news will not be welcomed by cloud storage users, whose confidence in Dropbox is at an all-time low. A recent survey found that a majority of enterprise firms see the storage service as a direct threat to their security.