Androxgh0st Botnet Expands Reach, Exploiting US University Servers

New CloudSEK findings show Androxgh0st botnet evolving. Academic institutions, including UC San Diego, hit. Discover how this sophisticated…...

TP-Link Router Botnet

There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution RCE possible so that the malware can spread itself across the internet automatically. This high severity security flaw tracked as CVE-2023-1389 has also been us...

Androxgh0st Botnet Targets IoT Devices, Exploiting 27 Vulnerabilities

Androxgh0st, a botnet targeting web servers since January 2024, is also deploying IoT-focused Mozi payloads, reveals CloudSEK’s latest research...

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintain persistent...

Androxgh0st Botnet Integrates Mozi, Expands Attacks on IoT Vulnerabilities

CloudSEK reports that the Androxgh0st botnet has integrated with the Mozi botnet and exploits a wide range of…...

Androxgh0st Malware Compromises Servers Worldwide for Botnet Attack

By Deeba Ahmed Veriti Research exposes surge in Androxgh0st attacks, exploiting CVEs and building botnets for credential theft. Patch systems, monitor for web shells, and use behavioral analysis to protect yourself. This is a post from HackRead.com Read the original post: Androxgh0st Malware...

AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials

Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs...

Imperva uncovers new Indicators of Compromise for FBI and CISA-flagged AndroxGh0st botnet

On January 16, a joint alert from FBI and CISA warned about a concerning development: the emergence of a botnet driven by AndroxGh0st malware targeting vulnerable applications and web servers. AndroxGh0st is a Python-based malware, first seen in late 2022, designed to target Laravel .env files an...

Androxgh0st Malware Uses Stealthy Tactics in Pilfering Credentials

Summary: The Androxgh0st malware is building a botnet, specifically aimed at illicitly obtaining cloud credentials from popular applications such as Amazon Web Services AWS, Microsoft Office 365, SendGrid, and Twilio. This stolen data is then utilized to disseminate additional harmful payloads...

FBI: Androxgh0st Malware Building Mega-Botnet for Credential Theft

By Deeba Ahmed The AndroxGh0st malware was initially reported in December 2022. This is a post from HackRead.com Read the original post: FBI: Androxgh0st Malware Building Mega-Botnet for Credential Theft...

Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials

The U.S. Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI warned that threat actors deploying the AndroxGh0st malware are creating a botnet for "victim identification and exploitation in target networks." A Python-based malware, AndroxGh0st was fir...

Known Indicators of Compromise Associated with Androxgh0st Malware

Actions to take today to mitigate malicious cyber activity: 1. Prioritize patching known exploited vulnerabilities in internet-facing systems. 2. Review and ensure only necessary servers and services are exposed to the internet. 3. Review platforms or services that have credentials listed in .env...

CISA and FBI Release Known IOCs Associated with Androxgh0st Malware

Today, CISA and the Federal Bureau of Investigation FBI released a joint Cybersecurity Advisory CSA, Known Indicators of Compromise Associated with Androxgh0st Malware, to disseminate known indicators of compromise IOCs and tactics, techniques, and procedures TTPs associated with threat actors...

New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms

A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems CMS, and SaaS platforms such as Amazon Web Services AWS, Microsoft 365, PayPal, Sendgrid, and Twilio. "Key features include credential harvesting for spamming attacks,...

Legion: Credential Harvesting & SMS Hijacking Malware Sold on Telegram

By Waqas The Legion malware is capable of stealing credentials from misconfigured or exposed servers and is linked to the AndroxGh0st malware family. This is a post from HackRead.com Read the original post: Legion: Credential Harvesting & SMS Hijacking Malware Sold on Telegram...

AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services

A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services,...