FBI warns criminals are building a dangerous new botnet — and it’s after your Microsoft or AWS logins and more
Hackers are building a dangerous new botnet and are going after Microsoft and AWS assets in the process, a new security advisory released by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) has warned.
According to the advisory, researchers have spotted threat actors using the Androxgh0st malware to compromise computers and servers.
They were seen scanning endpoints for three remote code execution vulnerabilities: CVE-2017-9841, CVE-2021-41773, and CVE-2018-15133. By leveraging these flaws, the attackers would use Androxgh0st to grab .env files that contain sensitive data, including (among others) login credentials for AWS and MIcrosoft assets.
Mitigating the threat
Androxgh0st is capable of more than “just” compromising vulnerable devices and stealing login credentials. It can also abuse the Simple Mail Protocol (SMTP) and check to see the sending limit for the email accounts found on the breached computers. If the limit is satisfactory, the malware can be used to mount phishing and spam campaigns.
Furthermore, hackers can use the access to Microsoft and AWS assets to create fake pages on compromised websites, which further grants them backdoor access to databases with sensitive information.
To remain secure, the FBI and CISA say, organizations should make sure their operating systems, software, and firmware are all updated. Making sure their Apache servers aren’t running versions 2.4.49 or 2.4.50 was stressed as pivotal. Furthermore, they should make sure the default configuration for all URIs is to deny all requests, unless there’s a specific need for it to be accessible. Also, Laravel applications should not be in debug or testing mode, and cloud credentials should not be present in .env files.
The full list of the recommendations can be found on this BleepingComputer link.
CVE-2018-15133, described as Laravel deserialization of untrusted data vulnerability, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog as being actively exploited.
More from TechRadar Pro
Hackers are building a dangerous new botnet and are going after Microsoft and AWS assets in the process, a new security advisory released by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) has warned. According to the advisory, researchers have spotted threat actors using the Androxgh0st malware to…
