Trending

Kenya Faces Tax Shake-Up: Impact on Digital Services & Startups

East Africa Internet Outage: Undersea Cable Breaks Disrupt Connectivity

Zimbabwe Politician’s Son Arrested for Illegally Possessing Starlink Terminal

Airtel Africa’s Mobile Money IPO: Expanding Horizons in 2025

Unveiling Africa’s Top Ten Tech Sectors: Transforming Industries and Empowering Communities

Building Investment-Worthy Startups: Strategies for Success

WhatsApp Introduces Chat Filters: Streamlining Message Management for Users

Unraveling Bitcoin’s Energy Appetite: Understanding Mining and Environmental Impact

Baobab Network Acquires Reflector Marketing: Boosting Support for African Startups

Google rolls out Gemini in Android Studio for coding assistance

DECEMBER 9, 2022
Insights Security

“Beware: AndroxGh0st Botnet Strikes! Feds Issue Alert as Cyber Threat Targets AWS, Azure, and Office 365 Credentials.”

  • by TechBoy
  • January 18, 2024
  • 2 minute read
“Beware: AndroxGh0st Botnet Strikes! Feds Issue Alert as Cyber Threat Targets AWS, Azure, and Office 365 Credentials.”

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a warning about the AndroxGh0st malware, which is being employed by threat actors to build a dangerous botnet for victim identification and exploitation in target networks. This Python-based malware, initially documented by Lacework in December 2022, has inspired similar tools like AlienFox, GreenBot, Legion, and Predator.

AndroxGh0st targets servers with known security flaws, gaining access to Laravel environment files and pilfering credentials from high-profile applications including AWS, Microsoft Office 365, SendGrid, and Twilio. Exploiting notable vulnerabilities such as PHPUnit, Apache HTTP Server, and Laravel Framework, the malware exhibits features for SMTP abuse, scanning, exploitation of credentials and APIs, and deploying web shells. For AWS, it not only scans and parses keys but can also generate keys for brute-force attacks.

Compromised AWS credentials are utilized to create new users, user policies, and set up additional AWS instances for malicious scanning. This makes AndroxGh0st a potent threat, enabling the download of additional payloads and ensuring persistent access to compromised systems.

CISA’s advisory highlights the rarity of cloud-focused malware advisories. The emergence of FBot, a related tool revealed by SentinelOne, further emphasizes the evolving landscape of cloud threats. As threat actors find new ways to exploit cloud services, tailored tools like AndroxGh0st and FBot are expected to continue emerging.

NETSCOUT’s alert reveals a significant spike in botnet scanning activity since mid-November 2023, reaching nearly 1.3 million distinct devices on January 5, 2024. The majority of source IP addresses are associated with the U.S., China, Vietnam, Taiwan, and Russia. The analysis indicates a rise in the use of cheap or free cloud and hosting servers for creating botnet launch pads, utilizing trials, free accounts, or low-cost accounts to maintain anonymity and minimal overhead.

TechBoy

Editor

Previous Article

Crypto Crime Coup: 29-Year-Old Ukrainian Mastermind Nabbed in Epic Takedown for Exploiting Cloud Services in Cryptojacking Spree!

January 18, 2024
Next Article

Launching a custom chatbot on OpenAI’s GPT Store

January 19, 2024

Related Post

InsightsSecurity

Keep children safe from cyberthreats

January 19, 2024
BlackRhinovr
InsightsStartups

BlackRhino VR Unveils MediAR: Empowering African Creators with AR Technology

December 18, 2023
InsightsStartups

Building Investment-Worthy Startups: Strategies for Success

May 7, 2024




whatApp channel


wingu store
wingu store