
Cybercriminals and antimalware providers play a constant game of innovation and catch-up; cybercriminals build and distribute new strains of malware, and solution providers identify and ensure detection of these strains as fast as possible.
To stay ahead of cybercriminals, Cloud Storage Security’s internal threat laboratory, Casmer Labs, constantly collects, organizes, and analyzes malware samples. In the month of February, there were a number of trends and specific strains that stood out as significant risks to organizations and their downstream users.
The Top 3 Malware Families for February 2025
Among the leading malware threats detected in customer storage volumes for February 2025, the most frequently observed strains include:
- Mirai – A well-known botnet malware that targets IoT devices to launch DDoS attacks
- Prometei – A botnet malware that exploits a recently discovered Microsoft Exchange vulnerability
- Remcosrat – An infostealer and remote-controlled piece of malware usually distributed via phishing campaigns
These malware families exploit common attack vectors downstream, making it crucial for organizations to remain vigilant when they are ingesting data into their cloud storage volumes.
Most Common File Types Associated with Malware in February 2025
Cybercriminals package malware in different file formats to maximize distribution and infect systems effectively. In February 2025, the most affected file types* were:
- ELF (Executable and Linkable Format)
  - Primarily affects Linux systems, including servers and IoT devices
- EXE (Windows Executable)
  - A major threat to Windows users, often delivered via phishing emails or malicious downloads
- SH (Shell Scripts)
  - Targeting Linux and macOS users, frequently used for automation in attacks
- ZIP (Compressed Archives)
  - A common delivery method for payloads, often containing malicious scripts or executables
- APK (Android Package Kit)
  - Targets mobile phones running Android operating systems
Downstream Risks to Cloud Storage Environments
For organizations that store and process data in the cloud, the principal risks associated with malware ingestion lie not within their cloud infrastructure, but with the downstream users that those files will eventually reach. If an employee, customer, or partner were to download and execute a piece of malware on their local machine, the results could include the initiation of a ransomware event, a data breach, or other forms of sensitive data loss.
- Amazon S3 Risks: Malware-laden files stored in S3 buckets can be accessed by unsuspecting users or integrated into workflows, spreading infections within an organization
- Amazon EBS, EFS, and FSx Risks: These storage solutions, often used for persistent data storage and file sharing, are susceptible to malware propagation if not properly secured. Attackers may plant malicious files that persist across system reboots or infect shared file systems
- Google Cloud and Microsoft Azure Risks: Similar risks apply, where misconfigured permissions and lack of malware scanning allow infected files to propagate
Enhance Security Against Malware
To mitigate these risks, organizations should deploy advanced security measures tailored for cloud storage environments:
- Scan Data in Storage Regularly for Malware: Leverage in-tenant malware protection to ensure that malicious files are detected before they are distributed downstream and accessed
- Automate Threat Detection: Implement cloud-native security tools that scan uploaded files in real time to prevent malware from propagating
- Enforce Access Control and Encryption: Enforce strict access policies and encrypt stored data to reduce exposure
- Continuously Monitor: Regularly audit cloud storage configurations and access logs to detect anomalies
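An added example, not code from Cloud Storage Security or its product: one way an ingestion step could identify the five file types listed earlier from file content rather than file name, and flag uploads whose extension does not fit the detected type. The function names, the extension table, and the sample object keys and bytes are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Assumed policy: extensions considered normal for each detected type.
USUAL_EXT = {
    "ELF": {"", ".elf", ".so", ".bin"},
    "EXE": {".exe", ".dll"},
    "SH": {"", ".sh"},
    "ZIP": {".zip", ".jar", ".docx", ".xlsx"},
    "APK": {".apk"},
}

def classify(data: bytes) -> str:
    """Identify ELF, EXE, SH, ZIP or APK from leading bytes, ignoring the name."""
    if data[:4] == b"\x7fELF":
        return "ELF"
    if data[:2] == b"MZ":  # DOS header that starts every Windows PE file
        return "EXE"
    if data[:2] == b"#!":  # shebang line of a script
        return "SH"
    if data[:4] == b"PK\x03\x04":  # ZIP local file header
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # An APK is a ZIP archive with an Android manifest at its root.
                return "APK" if "AndroidManifest.xml" in zf.namelist() else "ZIP"
        except zipfile.BadZipFile:
            return "ZIP"  # malformed archive: still scan it as ZIP
    return "OTHER"

def triage(key: str, data: bytes) -> tuple:
    """Return (detected type, True if the extension does not fit that type)."""
    kind = classify(data)
    ext = os.path.splitext(key)[1].lower()
    return kind, kind != "OTHER" and ext not in USUAL_EXT[kind]

def make_zip(names):  # builds a small in-memory archive for the samples below
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed")
    return buf.getvalue()

SAMPLES = {  # constructed object keys and bytes, not real malware
    "firmware/update.jpg": b"\x7fELF" + bytes(60),
    "invoices/scan.pdf": b"MZ" + bytes(62),
    "tools/setup.sh": b"#!/bin/sh\necho hi\n",
    "mobile/app.apk": make_zip(["AndroidManifest.xml", "classes.dex"]),
    "docs/archive.zip": make_zip(["readme.txt"]),
}
```

Content-based typing only decides routing and flags mismatches; every object still goes to the malware scanner.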
As new strains of malware are built and the tactics they employ continue to evolve, keeping informed and making the appropriate changes to security practices is the best course of defense.
About Cloud Storage Security
Cloud Storage Security (CSS) is dedicated to protecting storage in the cloud. Our robust malware detection solution is designed to secure the entirety of an organization’s cloud storage suite, preventing cybersecurity incidents, including ransomware events, in downstream environments. Contact a subject matter expert today to get started implementing a robust cloud storage security strategy.