Security News > 2023 > April > Credential harvesting malware appears on deep web
Legion targets various services for email exploitation, according to Cado, whose research indicates that Legion is likely linked to the AndroxGh0st malware family first reported in December 2022.
The report said Legion appears to be part of an emerging generation of hacking tools that aim to automate the credential harvesting process to compromise SMTP services.
"Scraping is the process of extracting useful data from web pages. In Legion's case, the popular Python web scraping library BeautifulSoup is used to scrape telephone numbers from the randomphonenumbers.com website," he said, adding that it uses SMTP credentials retrieved during the credential harvesting phase to send messages to the numbers.
How Legion differs from other credential harvesting tools.
Unlike other credential harvesting malware, Legion focuses on compromising SMTP services and exploitation of misconfigured web services to harvest credentials for abuse.
"Legion's credential harvesting relies on misconfigured web servers with exposed credentials," explained Muir.
News URL
https://www.techrepublic.com/article/legion-credential-malware/