AlienFox malware caught in the cloud hen house

2023-03-30 21:30

The AlienFox toolkit is being hawked on Telegram as a way to compromise misconfigured hosts on cloud services platforms and harvest sensitive information like API keys and other secrets, according to security shop SentinelOne.

While the AlienFox scripts can be used against a range of web services, they primarily target cloud-based and software-as-a-service email hosting services, Delamotte wrote.

The AlienFox scripts check for cloud services and includes a list of targets that are generated by a separate script, such as grabipe.

Given the massive amounts of sensitive data in cloud-based email and messaging systems that now are at "Severe risk of exposure," the threat represented by AlienFox is a worry, according to Dan Benjamin, co-founder and CEO of cloud data security startup Dig Security.

"The emergence of toolkits like AlienFox underscores the increasing sophistication of attacker networks and their collective ability to cause harm and disruption," Benjamin told The Register.

SentinelOne has detected three versions of AlienFox dating back to February 2022 and some of the scripts found has been tagged as malware families by other researchers, such as Androxgh0st by Lacework.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/03/30/alienfox_malicious_cloud_toolkit/

#cloud #malware

News URL

Related news