⚠️ Androxgh0st botnet is back and evolving
🎯 Targets US universities including UC San Diego
💥 Uses RCE, JNDI, OGNL, web shells
🛡️ Patch devices now!
🔗 https://hackread.com/androxgh0st-botnet-expand-exploit-us-university-servers/
#Botnet with an #Italian accent: #Ballista breaks into #TPLink #routers
https://www.securitylab.lat/news/557232.php?utm_referrer=https%3A%2F%2Fmas.to%2F%40KNTRO
#Enrutador #Router #Routers #TP_Link #Archer #TPLinkArcher #TP_Link_Archer #Cato #CatiNetworks #TPLinkArcherAX21 #ArcherAX21 #AX21 #TP_LinkArcherAX_21 #Condi #AndroxGh0st #AndroxGhost #dropbpd #dropbpdsh #dropbpd_sh #mips #arm #x8664 #x86_64 #DoS #Exploiter #TOR #Censys #Brasil #México #Italia #Mirai #Mozi #Botnets
Juniper provides a technical analysis of AndroxGh0st, a Python-based malware designed to target Laravel applications. The Androxgh0st malware leverages three critical vulnerabilities, all three of which are in the CISA KEV Catalog: Androxgh0st exploits CVE-2021-41773 as its first foothold, then gains RCE through both CVE-2017-9841 and CVE-2018-15133 (which exploits weaknesses in XSRF-TOKEN handling). IOCs provided. 🔗 https://blogs.juniper.net/en-us/security/shielding-networks-against-androxgh0st
#AndroxGh0st #threatintel #Laravel #CVE_2021_41773 #CVE_2017_9841 #CVE_2018_15133 #IOC
AndroxGh0st is a Python-based malware designed to target Laravel applications. It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio. Classified as an SMTP cracker, it exploits SMTP using various strategies such as credential exploitation, web shell deployment and vulnerability scanning. While its ability to generate AWS keys hints at potential brute force attacks, this aspect remains more of a novelty. The primary goal is clear: compromise and extract critical data from Laravel applications, emphasizing the need for robust cybersecurity measures.
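The post above describes the malware's first step: scanning web servers for exposed Laravel `.env` files. As an added example (not code from any of the posts, nor from Juniper, Fortinet or Lacework), the script below shows the defender's side of that behaviour: it parses web-server access-log lines in the common "combined" format, flags every request for a `.env` path, and separates mere probing (non-200 responses) from the critical case where the server actually served the file. The log lines and IP addresses are constructed sample data, and the log format and regular expressions are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Apache/Nginx "combined" format) for this example;
# not real traffic. 203.0.113.10 probes several .env locations and gets one served (200).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jan/2024:12:00:01 +0000] "GET /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Jan/2024:12:00:02 +0000] "GET /api/.env HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Jan/2024:12:00:03 +0000] "GET /laravel/.env HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2024:12:00:04 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2024:12:00:05 +0000] "GET /static/app.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Assumed log layout: client IP, ident, user, [timestamp], "METHOD PATH PROTO", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Matches /.env, /app/.env, /.env.bak and /.env?x=1, but not e.g. /.environment.
ENV_PATH_RE = re.compile(r'(^|/)\.env(\.[A-Za-z0-9_-]+)?(\?|$)')


def parse_line(line):
    """Return a dict with ip/ts/method/path/status/size, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_env_requests(log_text):
    """Return every parsed record whose request path points at a .env file."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and ENV_PATH_RE.search(rec["path"]):
            hits.append(rec)
    return hits


def summarize(hits):
    """Group .env requests per source IP, counting probes and successful (200) disclosures."""
    per_ip = defaultdict(lambda: {"probes": 0, "exposed": 0, "paths": []})
    for h in hits:
        entry = per_ip[h["ip"]]
        entry["probes"] += 1
        entry["paths"].append(h["path"])
        if h["status"] == 200:
            entry["exposed"] += 1
    return dict(per_ip)


def severity(entry):
    """CRITICAL if a .env file was actually served (secrets likely leaked), else a scan warning."""
    return "CRITICAL" if entry["exposed"] > 0 else "WARNING"


if __name__ == "__main__":
    summary = summarize(find_env_requests(SAMPLE_LOG))
    for ip, entry in summary.items():
        print(f"{severity(entry)} {ip}: {entry['probes']} .env request(s), "
              f"{entry['exposed']} served with 200: {', '.join(entry['paths'])}")
```

A 200 response to a `.env` request is the finding to act on first: it means the file was readable from the web root and every credential inside it (the AWS, Twilio and SMTP values the post mentions) should be treated as compromised and rotated. Repeated 404s from one source are still worth alerting on as scanner activity, but carry no disclosure.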
🎦 Watch @FortiGuardLabs' Jonas Walker dissect the latest Outbreak Alert, #Androxgh0st Malware Attack - a Python-based malware which targets user environment (.env) files.
👉 Watch the full video: https://www.youtube.com/watch?v=zEVXqcHVr_o
📲 Subscribe to Outbreak Alerts: https://ftnt.net/6050TRHtg
#threatintel #cti #cybersecurity security
"⚠️ Alert: Androxgh0st Botnet Targets AWS & Microsoft Credentials! 🚨"
The cybersecurity realm is on high alert with the emergence of Androxgh0st, a botnet malware exploiting vulnerabilities to steal AWS and Microsoft credentials. It's a Python-scripted threat, targeting sensitive .env files and leveraging SMTP for credential scanning and web shell deployment. Key vulnerabilities exploited include CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773, allowing remote code execution and file uploads. This critical development warrants immediate attention and proactive defense strategies.
Tags: #CyberSecurity #Botnet #Androxgh0st #Vulnerability #AWS #Microsoft #SMTP #PHP #CVE20179841 #CVE201815133 #CVE202141773 #RemoteCodeExecution #CyberAttack
Sources:
Mitre - CVE-2017-9841
Mitre - CVE-2018-15133
Mitre - CVE-2021-41773
#FBI: #Androxgh0st malware botnet steals #AWS, #Microsoft credentials
「#FBI: #Androxgh0st #malware botnet steals #AWS and #Microsoft credentials」: BLEEPINGCOMPUTER
「CISA and the FBI warned today that attackers using the Androxgh0st malware are building a botnet focused on stealing cloud credentials and are using the stolen information to deliver additional malicious payloads.
First discovered by Lacework Labs in 2022, this botnet scans websites and servers that run versions of the PHPUnit unit testing framework, the PHP web framework, and the Apache web server with remote code execution (RCE) vulnerabilities.」