Skip to main content

FBI warns against cloud credential-stealing Androxgh0st botnet

posted onJanuary 17, 2024
by l33tdawg
CSO Online
Credit: CSO Online

he Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency (CISA) have published an urgent advisory about the Androxgh0st botnet, which is being used to steal cloud credentials from major platforms, including AWS, SendGrid, and Microsoft Office 365.

Initially identified by Lacework Labs in 2022, Androxgh0st is a Python-scripted malware designed to infiltrate and exploit vulnerabilities in various web frameworks and servers, primarily targeting .env files that store sensitive cloud credentials.

Androxgh0st scans for websites and servers using older versions of PHPUnit, PHP web frameworks, and Apache web servers that have known remote code execution (RCE) vulnerabilities. About 68% of Androxgh0st malware’s SMTP abuses originate from Windows systems, with 87% of attacks executed through Python, according to Lacework Labs’ analysis.

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th