Security News > 2023 > March > New AlienFox toolkit steals credentials for 18 cloud services
A new modular toolkit called 'AlienFox' allows threat actors to scan for misconfigured servers to steal authentication secrets and credentials for cloud-based email services.
Researchers at SentinelLabs who analyzed AlienFox report that the toolset targets common misconfigurations in popular services like online hosting frameworks, such as Laravel, Drupal, Joomla, Magento, Opencart, Prestashop, and WordPress.
Threat actors use AlienFox to collect lists of misconfigured cloud endpoints from security scanning platforms like LeakIX and SecurityTrails.
AlienFox uses data-extraction scripts to search the misconfigured servers for sensitive configuration files commonly used to store secrets, such as API keys, account credentials, and authentication tokens.
The most recent version of AlienFox is v4, which features better code and script organization and targeting scope expansion.
The new "Wallet cracking" scripts indicate that the developer of AlienFox wants to expand the clientele for the toolset or enrich its capabilities to secure subscription renewals from existing customers.