I would like to focalize on Trojan aspect applied to Cloud services and relative user accounts.
Trojan could be easily installed on any pc/devices (For example visiting an unknown hackered website)
The concept it is simple: If you have a Trojan that intercept your Cloud user credential you are going to be in a very critical situation. (risk would increase if double authentication would not active on your cloud account)
Credentials could be used to stole your critical data/access to your company servers and be sold from criminals.
A very useful mitigation actions could be start using next generation antivirus providers that utilizes machine learning indeed than standard AV (this method use signatures as the primary detection mechanism)
Full interview and details could be found reading this article:
https://www.techrepublic.com/article/how-trojans-steal-credentials-and-attack-cloud-services/
If you are interested you could review these old blog articles/sections:
Cloud
http://www.alessandromazzanti.com/search/label/Cloud
Microsoft Azure
http://www.alessandromazzanti.com/search/label/Windows%20Azure
[update 2018.06.17]
I would like to indicate this Micorosft security video/lessons:
https://mva.microsoft.com/en-US/training-courses/hybrid-cloud-workload-protection-with-azure-security-center-18173?l=Ld0LK42jE_006218965