The FBI and CISA have issued a warning about a botnet that uses the Androxgh0st malware to steal cloud credentials and deliver malicious payloads. The botnet primarily targets .env files containing confidential information for applications such as AWS, Twilio, and Microsoft Office 365. It exploits the Simple Mail Transfer Protocol (SMTP) to deploy web shells and exploit leaked credentials. The botnet has been observed checking accounts for email limits and creating fake pages on target websites for backdoor access to sensitive data. It also uses compromised AWS credentials to scan for vulnerable targets. Organizations are advised to keep their systems up to date, review interaction requests, and check for credentials in .env files to mitigate the threat. The FBI and CISA have asked affected organizations to report any information on attacks.
FBI Alert: Beware of Androxgh0st Malware Botnet
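For the advice to check for credentials in .env files, the following is an added example (not taken from the FBI/CISA warning) that audits a directory tree such as a web root and reports which .env keys hold credential material, without printing the values. The key-name patterns, function names, and sample file are assumptions made for this example.

```python
import os
import re

# Key names for the services the summary mentions (AWS, Twilio, mail/Office 365)
# plus generic secret-style names. This pattern list is an assumption.
CREDENTIAL_KEY = re.compile(
    r"AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY)|TWILIO_\w+"
    r"|\w*(PASSWORD|SECRET|TOKEN|API_KEY)\w*", re.IGNORECASE)
AWS_KEY_ID = re.compile(r"\b(AKIA|ASIA)[A-Z0-9]{16}\b")  # access key ID shape

# Constructed sample; the key ID is AWS's documented example value.
SAMPLE = """APP_NAME=shop
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export MAIL_PASSWORD='not-a-real-password'
TWILIO_AUTH_TOKEN=
"""

def parse_env(text):
    """Yield (line_no, key, value) for KEY=VALUE lines, skipping comments."""
    for no, line in enumerate(text.splitlines(), 1):
        line = re.sub(r"^\s*export\s+", "", line.strip())
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip().strip("'\"")  # drop surrounding quotes
        yield no, key.strip(), value

def audit_env_text(text):
    """Return (line_no, key, reason) findings; secret values are never echoed."""
    findings = []
    for no, key, value in parse_env(text):
        if not value:
            continue  # empty placeholder: nothing is stored here
        if AWS_KEY_ID.search(value):
            findings.append((no, key, "value has the shape of an AWS access key ID"))
        elif CREDENTIAL_KEY.fullmatch(key):
            findings.append((no, key, "credential-style key holds a value"))
    return findings

def audit_tree(root):
    """Audit every .env / .env.* file under root (e.g. a web root)."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == ".env" or name.startswith(".env."):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    results[path] = audit_env_text(fh.read())
    return {p: hits for p, hits in results.items() if hits}
```

Any file this reports inside a directory served by the web server is a candidate for moving out of the document root and rotating the listed credentials.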