FBI Alert: Beware of Androxgh0st Malware Botnet

The FBI and CISA have issued a warning about a botnet that is using the Androxgh0st malware to steal cloud credentials and deliver malicious payloads. The botnet primarily targets .env files with confidential information in applications such as AWS, Twilio, and Microsoft Office 365. It exploits the Simple Mail Transfer Protocol (SMTP) to deploy web shells and exploit leaked credentials. The botnet has been observed checking accounts for email limits and creating fake pages on target websites for backdoor access to sensitive data. It also uses compromised AWS credentials to scan for vulnerable targets. Organizations are advised to keep their systems up to date, review interaction requests, and check for credentials in .env files to mitigate the threat. The FBI and CISA have requested affected organizations to report any information on attacks.