FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials (Security News, January 2024)
CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads.
"Androxgh0st is a Python-scripted malware primarily used to target .env files that contain confidential information, such as credentials for various high profile applications," the two agencies cautioned.
"Androxgh0st malware also supports numerous functions capable of abusing the Simple Mail Transfer Protocol, such as scanning and exploiting exposed credentials and application programming interfaces, and web shell deployment."
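The quoted advisory turns on one fact: a framework-style .env file sitting in a web-served directory hands an attacker AWS and SMTP credentials in one request. The following added example (written for this page, not code from CISA, the FBI or any Androxgh0st sample) parses a constructed .env, classifies which keys carry credentials of the kinds named above, and checks whether the file lies inside the web document root. The key-name patterns and the paths are assumptions about common conventions, not indicators from the advisory.

```python
"""Audit a .env file for credential-bearing keys and web exposure (added example)."""
import posixpath
import re

# Key-name patterns for the credential classes the advisory mentions.
# Assumed conventions (Laravel-style names); not an indicator list from the advisory.
CREDENTIAL_CLASSES = {
    "aws": re.compile(r"^AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY|SESSION_TOKEN)$"),
    "smtp": re.compile(r"^(MAIL|SMTP)_(USERNAME|PASSWORD)$"),
    "generic_secret": re.compile(r"(PASSWORD|SECRET|TOKEN|API_KEY|PRIVATE_KEY|^APP_KEY$)", re.I),
}

# KEY=VALUE with optional leading "export"; value captured lazily so trailing space is dropped.
_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")

# Constructed sample; the AWS key id is the documented placeholder, not a real key.
SAMPLE_ENV = """\
# constructed sample, not a real configuration
APP_NAME=Shop
APP_KEY=base64:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
DB_PASSWORD="s3cret pass"
MAIL_HOST=smtp.example.com
MAIL_USERNAME=mailer@example.com
MAIL_PASSWORD='smtp-pass'
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=EXAMPLEsecretEXAMPLEsecret # trailing comment
export SOME_TOKEN=
"""


def parse_env(text):
    """Parse KEY=VALUE lines: skips comments/blank lines, strips matching quotes,
    drops an unquoted trailing ' # comment'. Returns {key: value}."""
    out = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            continue
        key, val = m.group(1), m.group(2)
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "\"'":
            val = val[1:-1]
        elif " #" in val:
            val = val.split(" #", 1)[0].rstrip()
        out[key] = val
    return out


def classify(env):
    """Return {key: class} for keys whose name matches a credential class
    and whose value is non-empty (an empty value is not a usable secret)."""
    findings = {}
    for key, val in env.items():
        if not val:
            continue
        for cls, pat in CREDENTIAL_CLASSES.items():
            if pat.search(key):
                findings[key] = cls
                break
    return findings


def is_web_exposed(docroot, env_path):
    """True if env_path resolves to a location under the web document root,
    i.e. the server could hand the file to an anonymous GET. Pure path logic,
    so it can be run against paths taken from a vhost config without a filesystem."""
    root = posixpath.normpath(docroot)
    target = posixpath.normpath(env_path)
    return target == root or target.startswith(root.rstrip("/") + "/")


def audit(env_text, docroot, env_path):
    """Combine both checks into one report dict."""
    found = classify(parse_env(env_text))
    return {
        "credential_keys": found,
        "web_exposed": is_web_exposed(docroot, env_path),
        "classes": sorted(set(found.values())),
    }


if __name__ == "__main__":
    # A Laravel layout keeps .env one level above public/; a vhost rooted at the
    # project directory instead of public/ is the misconfiguration that exposes it.
    print(audit(SAMPLE_ENV, "/var/www/app/public", "/var/www/app/.env"))
    print(audit(SAMPLE_ENV, "/var/www/app", "/var/www/app/.env"))
```

The exposure check deliberately normalises `..` segments so that a path such as `public/../.env` is judged by where it actually lands, not by its prefix; a real deployment check would pair this with an HTTP request for `/.env` against the live host.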
Upon successfully identifying and compromising AWS credentials on a vulnerable website, the operators have also tried creating new IAM users and user policies.
Androxgh0st operators use stolen credentials to spin up new AWS instances for scanning additional vulnerable targets across the Internet.
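The two behaviours just described, creating users and policies with a stolen key and then launching instances with it, both leave CloudTrail records. The following added example (not from the advisory, the article or any Androxgh0st sample) runs a detection over a few constructed, abbreviated CloudTrail records: it groups events by access key, flags IAM persistence calls, and escalates when EC2 launches follow within a time window. The event names are real CloudTrail `eventName` values; the key ids, IPs and timestamps are constructed, and the window is an assumed tuning value.

```python
"""Flag stolen-key activity in CloudTrail: IAM persistence followed by EC2 launches (added example)."""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# CloudTrail eventName values that create a foothold or launch capacity.
PERSISTENCE_EVENTS = {"CreateUser", "PutUserPolicy", "AttachUserPolicy", "CreateAccessKey"}
LAUNCH_EVENTS = {"RunInstances"}

# Constructed records in an abbreviated CloudTrail shape (only the fields used here).
# Access key ids are AWS's documented placeholders; IPs are from the documentation range.
SAMPLE_TRAIL = [
    {"eventTime": "2024-01-16T10:00:00Z", "eventName": "GetCallerIdentity",
     "userIdentity": {"accessKeyId": "AKIAIOSFODNN7EXAMPLE"}, "sourceIPAddress": "203.0.113.10"},
    {"eventTime": "2024-01-16T10:02:00Z", "eventName": "CreateUser",
     "userIdentity": {"accessKeyId": "AKIAIOSFODNN7EXAMPLE"}, "sourceIPAddress": "203.0.113.10"},
    {"eventTime": "2024-01-16T10:03:00Z", "eventName": "PutUserPolicy",
     "userIdentity": {"accessKeyId": "AKIAIOSFODNN7EXAMPLE"}, "sourceIPAddress": "203.0.113.10"},
    {"eventTime": "2024-01-16T10:20:00Z", "eventName": "RunInstances",
     "userIdentity": {"accessKeyId": "AKIAIOSFODNN7EXAMPLE"}, "sourceIPAddress": "203.0.113.10"},
    # A second key doing routine work: no persistence calls, so it is not flagged.
    {"eventTime": "2024-01-16T09:00:00Z", "eventName": "DescribeInstances",
     "userIdentity": {"accessKeyId": "AKIAI44QH8DHBEXAMPLE"}, "sourceIPAddress": "198.51.100.7"},
    {"eventTime": "2024-01-16T15:00:00Z", "eventName": "RunInstances",
     "userIdentity": {"accessKeyId": "AKIAI44QH8DHBEXAMPLE"}, "sourceIPAddress": "198.51.100.7"},
]


def parse_time(s):
    """CloudTrail eventTime is ISO 8601 UTC with a trailing Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_credential_abuse(records, window=timedelta(hours=1)):
    """Group records by access key. Any key that performs an IAM persistence call is
    reported; if the same key also launches instances within `window` of its first
    persistence call, severity is raised to high. Returns a list of finding dicts."""
    by_key = defaultdict(list)
    for r in records:
        key = r.get("userIdentity", {}).get("accessKeyId")
        if key:
            by_key[key].append(r)

    findings = []
    for key, evs in by_key.items():
        evs.sort(key=lambda r: parse_time(r["eventTime"]))
        persist = [r for r in evs if r["eventName"] in PERSISTENCE_EVENTS]
        if not persist:
            continue
        t0 = parse_time(persist[0]["eventTime"])
        launches = [r for r in evs if r["eventName"] in LAUNCH_EVENTS
                    and abs(parse_time(r["eventTime"]) - t0) <= window]
        hits = persist + launches
        findings.append({
            "accessKeyId": key,
            "severity": "high" if launches else "medium",
            "events": [r["eventName"] for r in hits],
            "sourceIPs": sorted({r["sourceIPAddress"] for r in hits}),
            "instancesLaunched": len(launches),
        })
    return findings


if __name__ == "__main__":
    print(json.dumps(detect_credential_abuse(SAMPLE_TRAIL), indent=2))
```

Keying on `accessKeyId` rather than on user name matters here: a key lifted from a .env file is used outside its normal context, so comparing the finding's `sourceIPs` against the IPs that key normally uses is the natural next enrichment step.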
On a one-time basis for previously stored cloud credentials, and on an ongoing basis for other types of credentials that cannot be removed, review any platforms or services that have credentials listed in the.
Related news
- Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- BadBox malware botnet infects 192,000 Android devices despite disruption (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- FBI wipes Chinese PlugX malware from over 4,000 US computers (source)