FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials
Posted: Wed Jan 17, 2024 1:50 pm
CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads.
This botnet was first spotted by Lacework Labs in 2022 and was controlling over 40,000 devices almost one year ago, according to Fortiguard Labs data.
It scans for websites and servers vulnerable to the following remote code execution (RCE) vulnerabilities: CVE-2017-9841 (PHPUnit unit testing framework), CVE-2021-41773 (Apache HTTP Server), and CVE-2018-15133 (Laravel PHP web framework).
[...]
FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials
This botnet was first spotted by Lacework Labs in 2022 and was controlling over 40,000 devices almost one year ago, according to Fortiguard Labs data.
It scans for websites and servers vulnerable to the following remote code execution (RCE) vulnerabilities: CVE-2017-9841 (PHPUnit unit testing framework), CVE-2021-41773 (Apache HTTP Server), and CVE-2018-15133 (Laravel PHP web framework).
[...]
FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials