This article details how attackers can misuse AWS CLI aliases to stealthily maintain persistence in cloud environments. It explains the mechanics of creating malicious aliases that preserve normal command functionality while executing harmful actions, such as credential exfiltration. A proof of concept demonstrates the technique in action.