U.S. Federal Agencies Send Out Warnings About Androxgh0st Malware Botnet

The botnet focuses on stealing cloud credentials to deliver malicious payloads.

January 17, 2024

  • The FBI and CISA have sent out warnings about a growing botnet that works on the Androxgh0st malware.
  • Federal agencies have warned about the threat of victim identification and the exploitation of targeted networks by abusing the Simple Mail Transfer Protocol (SMTP).

U.S. federal agencies, including the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), have rung alarm bells about threat actors building a major botnet based on the Androxgh0st malware to deliver malicious payloads following the theft of cloud credentials.

🚨 New #Cybersecurity Advisory: @CISAgov & @FBI released details on #Androxgh0st Malware, including #TTPs, #IOCs & mitigations. Organizations are strongly advised to implement recommended mitigations. Stay proactive against cyber threats! 🛡️ https://t.co/NsoyVyomBw pic.twitter.com/v9jhkTR9mM

The Androxgh0st malware is a Python-based script that primarily targets .env files containing confidential information for applications and services such as Amazon Web Services (AWS), Twilio, and Microsoft Office 365. The malware abuses the Simple Mail Transfer Protocol (SMTP) to deploy web shells and then exploits the leaked credentials.


The botnet was first observed in 2022 by Lacework Labs and, within a year, controlled over 40,000 devices. In essence, it scans for servers and websites affected by specific remote code execution vulnerabilities: CVE-2021-41773 (Apache HTTP Server), CVE-2017-9841 (PHPUnit unit testing framework), and CVE-2018-15133 (Laravel PHP web framework).

Threat actors using the botnet have been observed checking compromised accounts for email sending limits to support spamming operations. They have also created fake pages on target websites to gain backdoor access to sensitive data, and they can use compromised AWS credentials to scan the internet for further susceptible targets.

The FBI and CISA have asked organizations that suspect they have been affected to report information on such attacks. Keeping systems up to date, reviewing incoming requests, and checking platforms for credentials stored in .env files are among the best practices the federal agencies recommend to mitigate the threat.
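Because the article describes the malware's interest in .env files and the agencies' advice to check platforms for credentials in those files, the following added example (not code from the article, the FBI, CISA, or Lacework) shows two defender-side checks: flagging web server access-log requests for .env paths, and listing credential-like keys in a .env file so they can be rotated. The log lines, the .env contents, and the list of sensitive variable-name patterns are all constructed assumptions for the demonstration.

```python
import re
from collections import Counter

# Constructed sample of combined-format access log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [17/Jan/2024:10:01:02 +0000] "GET /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Jan/2024:10:01:03 +0000] "POST /.env HTTP/1.1" 200 1203 "-" "Mozilla/5.0"
198.51.100.9 - - [17/Jan/2024:10:02:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Jan/2024:10:02:40 +0000] "GET /app/.env HTTP/1.1" 403 199 "-" "python-requests/2.31"
"""

# Constructed sample .env file with placeholder values (not real credentials).
SAMPLE_ENV = """\
APP_NAME=Laravel
APP_ENV=production
# cloud and messaging credentials
AWS_ACCESS_KEY_ID=AKIAEXAMPLEPLACEHOLDER
AWS_SECRET_ACCESS_KEY="placeholder-secret"
AWS_DEFAULT_REGION=us-east-1
TWILIO_ACCOUNT_SID=ACplaceholder
TWILIO_AUTH_TOKEN=placeholder-token
MAIL_HOST=smtp.example.com
MAIL_PASSWORD=
"""

# Combined log format: ip ident user [ts] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# A path component named ".env" or ".env.<suffix>" (e.g. backups) anywhere in the URL.
ENV_PATH_RE = re.compile(r'(^|/)\.env(\.|$)')

# Assumed naming patterns for the services the article mentions: prefix plus a secret-like suffix.
SENSITIVE_KEY_RE = re.compile(r'(AWS_|TWILIO_|OFFICE365_|MAIL_|SMTP_).*(KEY|SECRET|PASSWORD|TOKEN|SID)', re.I)


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def env_probes(entries):
    """Return requests whose path points at a .env file, regardless of method or status."""
    return [e for e in entries if ENV_PATH_RE.search(e["path"])]


def probe_sources(probes):
    """Count probing requests per client IP so repeat offenders stand out."""
    return Counter(e["ip"] for e in probes)


def successful_probes(probes):
    """Probes answered with 200 deserve immediate attention: the file may have been served."""
    return [e for e in probes if e["status"] == "200"]


def parse_env(text):
    """Minimal KEY=VALUE parser; ignores blank lines and comments, strips simple quotes."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        values[key.strip()] = value.strip().strip('"\'')
    return values


def sensitive_keys(env):
    """Names of populated variables that look like credentials and should be rotated if exposed."""
    return sorted(k for k, v in env.items() if v and SENSITIVE_KEY_RE.search(k))


if __name__ == "__main__":
    probes = env_probes(parse_log(SAMPLE_LOG))
    print("probing IPs:", dict(probe_sources(probes)))
    for e in successful_probes(probes):
        print("served .env to", e["ip"], "via", e["method"], e["path"])
    print("credential-like keys to review:", sensitive_keys(parse_env(SAMPLE_ENV)))
```

Run against a real access log and the application's .env file, the two halves answer the two questions the advisory raises: has anyone been requesting .env paths (and did the server ever answer 200), and which secrets in the file would need rotation if it had been served. The variable-name patterns are deliberately broad; tune them to the naming used in your own deployments.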

What do you think about the threat emerging from malware botnets? Let us know your thoughts on LinkedIn, X, or Facebook. We’d love to hear from you!

Image source: Shutterstock


Anuj Mudaliar
Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.