Androxgh0st malware hackers creating large botnet, CISA and FBI warn

The hackers behind the Androxgh0st malware are creating a powerful botnet, U.S. cybersecurity agencies warned on Tuesday.
On Tuesday, the FBI and Cybersecurity and Infrastructure Security Agency released a joint advisory on the malware, saying multiple ongoing investigations have allowed them to assess the tactics used by the threat actors deploying it.
The malware dates back to December 2022, when researchers at Lacework said they saw it used in campaigns to steal a wide variety of credentials.
Env files, which are commonly sought by threat actors because they store credentials and tokens.
The malware is used as part of an effort to scan and search for websites with specific vulnerabilities.
The malware also searches for websites using the Laravel framework - a tool used for the development of web applications.
Once the botnet finds websites using Laravel, hackers try to determine if certain files are exposed and contain credentials.
The advisory notes that Laravel is affected by CVE-2018-15133 - a vulnerability used by the botnet to access usernames, passwords, and other credentials for services like email and AWS accounts.
SMTP is used by mail servers to send, receive, and relay outgoing email between senders and receivers.
CISA added the vulnerability to its catalog of Known Exploited Vulnerabilities on Tuesday.
Federal civilian agencies have until February 6 to patch it.
Cybersecurity expert John Smith said AndroxGh0st is another example of the growing threats to cloud infrastructure.
The malware is used for cryptojacking, spamming, or malicious email campaigns and exploits unpatched vulnerabilities in web applications to move laterally and maintain persistence by creating accounts and elevating permissions.
Smith noted that because AndroxGh0st is exploiting exposed.
Env files and unpatched vulnerabilities, users are advised to inspect and monitor cloud environments regularly for any exposures and have a very aggressive policy for out-of-band patching.
Qualys' Ken Dunham noted that Fortinet reports around 40,000 compromised hosts as part of the botnet.
Southeast Asian casino industry supercharging cyber fraud, UN says.
Jonathan has worked across the globe as a journalist since 2014.
Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.
He previously covered cybersecurity at ZDNet and TechRepublic.


This Cyber News was published on therecord.media. Publication date: Tue, 16 Jan 2024 22:20:50 +0000


Cyber News related to Androxgh0st malware hackers creating large botnet, CISA and FBI warn

Hackers Building AndroxGh0st Botnet to Target AWS, O365, Feds Warn - The bad actors behind the Androxgh0st malware are building a botnet they can use to identify victims and exploit vulnerable networks to steal confidential information from such high-profile cloud applications as Amazon Web Services, Microsoft Office ...
10 months ago Securityboulevard.com
CISA and FBI Reveal Known Androxgh0st Malware IoCs and TTPs - CISA and FBI released an advisory on Androxgh0st malware IoCs and warned about hackers using this threat to steal credentials. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to ...
10 months ago Heimdalsecurity.com
FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
9 months ago Bleepingcomputer.com
Androxgh0st malware hackers creating large botnet, CISA and FBI warn - The hackers behind the Androxgh0st malware are creating a powerful botnet, U.S. cybersecurity agencies warned on Tuesday. On Tuesday, the FBI and Cybersecurity and Infrastructure Security Agency released a joint advisory on the malware, saying ...
10 months ago Therecord.media
Androxgh0st Malware Botnet Steals AWS, Microsoft Credentials and More - The Federal Bureau of Investigation and Cybersecurity & Infrastructure Security Agency warned in a joint advisory about a threat actor deploying a botnet that makes use of the Androxgh0st malware. This malware is capable of collecting cloud ...
10 months ago Techrepublic.com
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
9 months ago Securityboulevard.com
US Gov Issues Warning for Androxgh0st Malware Attacks - The US cybersecurity agency CISA and the FBI have issued a joint advisory warning about the Androxgh0st malware creating a botnet to identify and target vulnerable networks. Written in Python, the agencies said the malware primarily targets. Env ...
10 months ago Securityweek.com
CISA: AWS, Microsoft 365 Accounts Under Active 'Androxgh0st' Attack - The FBI and the US Cybersecurity and Infrastructure Security Agency have issued an alert about a malware campaign targeting Apache webservers and websites using the popular Laravel Web application framework, leveraging known bugs for initial ...
10 months ago Darkreading.com
FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials - CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads. First spotted by Lacework Labs in 2022, the ...
10 months ago Bleepingcomputer.com
Imperva Uncovers New IoCs for AndroxGh0st Botnet - On January 16, a joint alert from FBI and CISA warned about a concerning development: the emergence of a botnet driven by AndroxGh0st malware targeting vulnerable applications and web servers. RoxGh0st is a Python-based malware, first seen in late ...
10 months ago Imperva.com
Stealthy KV-botnet hijacks SOHO routers and VPN devices - The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and ...
11 months ago Bleepingcomputer.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
6 months ago Securityaffairs.com
CISA and FBI Release Known IOCs Associated with Androxgh0st Malware - Today, CISA and the Federal Bureau of Investigation released a joint Cybersecurity Advisory, Known Indicators of Compromise Associated with Androxgh0st Malware, to disseminate known indicators of compromise and tactics, techniques, and procedures ...
10 months ago Cisa.gov
Chinese hackers hid in US infrastructure network for 5 years - The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and ...
9 months ago Bleepingcomputer.com
FBI: Beware of cloud-credential thieves building botnets The Register - Crooks are exploiting years-old vulnerabilities to deploy Androxgh0st malware and build a cloud-credential stealing botnet, according to the FBI and the Cybersecurity and Infrastructure Security Agency. In a joint warning issued on Tuesday, the US ...
10 months ago Go.theregister.com
Bigpanzi botnet infects 170,000 Android TV boxes with malware - A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. Beijing-based Qianxin Xlabs reports that the threat group controls a ...
10 months ago Bleepingcomputer.com
US Congress Report Calls for Privacy Reforms After FBI Surveillance 'Abuses' - The FBI and the Biden administration at large have lobbied Congress to reauthorize the 702 program as is, ignoring calls for reform that have grown louder since the beginning of the year, manifesting this month in the form of a comprehensive privacy ...
1 year ago Wired.com
Qbot malware returns in campaign targeting hospitality industry - The QakBot malware is once again being distributed in phishing campaigns after the botnet was disrupted by law enforcement over the summer. In August, a multinational law enforcement operation called Operation Duck Hunt accessed the QakBot admin's ...
11 months ago Bleepingcomputer.com
PurpleFox malware infected thousands of systems in Ukraine - The Computer Emergency Response Team in Ukraine is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. The exact impact of this widespread infection and whether it has affected state organizations or ...
10 months ago Bleepingcomputer.com
PurpleFox malware infects thousands of computers in Ukraine - The Computer Emergency Response Team in Ukraine is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. The exact impact of this widespread infection and whether it has affected state organizations or ...
10 months ago Bleepingcomputer.com
Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
5 months ago Pandasecurity.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
2 months ago Therecord.media
How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
7 months ago Pandasecurity.com
Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested - The US Justice Department announced on Wednesday that the massive 911 S5 proxy botnet has been dismantled and its alleged administrator, a Chinese national, has been arrested. The Treasury Department earlier this week announced sanctions against ...
6 months ago Packetstormsecurity.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
6 months ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)