FBI: Androxgh0st malware botnet steals AWS and Microsoft credentials

Threat actors utilizing the Androxgh0st virus are constructing a botnet aimed at stealing cloud credentials and exploiting the obtained data to distribute further malicious payloads, according to a warning issued today by CISA and the FBI.

The botnet, which was first discovered by Lacework Labs in 2022, searches for websites and servers running versions of the PHPUnit unit testing framework, PHP web framework, and Apache web server that have remote code execution (RCE) vulnerabilities.

CVE-2017-9841 (PHPUnit), CVE-2021-41773 (Apache HTTP Server), and CVE-2018-15133 (Laravel) are among the RCE weaknesses targeted by these attacks.

The two agencies warned that Androxgh0st is a Python-scripted malware that is mainly used to target .env files that contain sensitive data.
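
A defender-side check for the .env targeting described above, as an added example that is not part of the original article or the CISA/FBI advisory: it parses web access logs for requests to .env files and separates probes from requests the server actually answered. The log lines are constructed samples, and the Apache/nginx "combined" log format and the function names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constructed sample lines in "combined" log format (documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [16/Jan/2024:10:01:02 +0000] "GET /.env HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.7 - - [16/Jan/2024:10:01:03 +0000] "GET /app/.env.production HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.9 - - [16/Jan/2024:10:02:10 +0000] "GET /%2eenv HTTP/1.1" 403 199 "-" "curl/8.4"
192.0.2.44 - - [16/Jan/2024:10:03:00 +0000] "GET /docs/environment.html HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
192.0.2.44 - - [16/Jan/2024:10:03:05 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# client IP, method, request target, response status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def is_env_path(target):
    """True when the last path segment is .env or a .env.<suffix> variant."""
    path = unquote(urlsplit(target).path)  # decode %2e so encoded dots still match
    name = path.rsplit("/", 1)[-1].lower()
    return name == ".env" or name.startswith(".env.")


def find_env_probes(log_text):
    """Return {client_ip: {"probes": n, "served": [targets answered with 2xx]}}."""
    hits = defaultdict(lambda: {"probes": 0, "served": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, _method, target, status = m.groups()
        if is_env_path(target):
            hits[ip]["probes"] += 1
            if status.startswith("2"):
                # A 2xx means the file was served: treat its secrets as exposed.
                hits[ip]["served"].append(target)
    return dict(hits)


if __name__ == "__main__":
    for ip, info in find_env_probes(SAMPLE_LOG).items():
        flag = "EXPOSED" if info["served"] else "probe only"
        print(f"{ip}: {info['probes']} request(s), {flag} {info['served']}")
```

Any entry with a non-empty `served` list means a .env file was returned to the client, so the credentials in it should be rotated and the file moved out of the web root or blocked at the server.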
