Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead
Json from CRED FILE NAMES file name array to GCLOUD CREDS FILES file name array
[+] added netrc, kubeconfig, adc.
Db from CRED FILE NAMES file name array
[-] removed dload function
[+] added commented dload function invocation for posting final results
[+] added commented wget command to download and execute https://everlost.
a.l$(echo $RANDOM)
[-] removed rm -f $LOCK FILE command
[-] removed history -cw command at end of script
[*] converted numerous long commands into shorter multi-line syntax
----
# v2(b9113ccc0856e5d44bab8d3374362a06) -> v3(d9ecceda32f6fa8a7720e1bf9425374f)
[+] added execution of previously unused run aws grabber() function
[+] added function get prov vars with nearly identical strings /proc/*/env* command found in previously removed strings proc aws function
[+] added logic to search for files listed in previously unused file name arrays: AWS CREDS FILES, GCLOUD CREDS FILES
[+] added new file name array MIXED CREDFILES=("redis.
Yaml to CRED FILE NAMES file name array
[*] updated env to.
Env in CRED FILE NAMES file name array
[-] removed config from AWS CREDS FILES file name array
[*] updated echo output section header from INFO to AWS INFO
[*] updated echo output section header from IAM to IAM USERDATA
[*] updated echo output section header from EC2 to EC2 USERDATA
[-] removed commented dload function invocation for posting final results
----
# v3(d9ecceda32f6fa8a7720e1bf9425374f) -> v4(0855b8697c6ebc88591d15b954bcd15a)
[*] replaced strings /proc/*/env* command with cat /proc/*/env* command in get prov vars function
[*] updated username and password to curl command from "Username=jegjrlgjhdsgjh" "Password=oeireopüigreigroei" to "username=1234" -F "password=5678"
[*] updated FQDN for posting final results from everlost.
Ini from CRED FILE NAMES file name array
----
# v7(99f0102d673423c920af1abc22f66d4e) -> v8(5daace86b5e947e8b87d8a00a11bc3c5)
[-] removed MIXED CREDFILES file name array
[+] added new file name array DBS CREDFILES=("postgresUser.
News URL
https://thehackernews.com/2023/08/agile-approach-to-mass-cloud-credential.html