OODA Loop – Researchers Sound Alarm Over Malicious AWS Community AMIs

Researchers have alerted the public to a growing threat posed by Amazon Web Services and its available pre-configured virtual servers, stating that threat actors can build Community Amazon Machine Images (AMIs) infected with malware yet make them identical to legitimate ones. This poses a risk to AWS customers, as they could unknowingly download malware onto their devices from the AWS marketplace. Security firm Mitiga uncovered the threat in a report published on Friday.

According to Mitiga, although this is not occurring at a large scale, the threat is not theoretical, as the organization has already found a malicious AMI in the wild running an infected instance of Windows Server 2008. Although the malicious AMI was removed from a customer’s Amazon Elastic Compute Cloud earlier this month, it remains available in Amazon’s Community AMI marketplace. This specific AMI was replicating a crypto-miner that generates Monero coins for unknown hackers. Mitiga has since notified Amazon of the risks and the infected AMI.