Threat actors can use a new modular toolkit called ‘AlienFox’ to scan for misconfigured servers and steal authentication secrets and credentials for cloud-based email services.
The toolkit is sold to cybercriminals through a private Telegram channel, which has become a common transaction channel for malware authors and hackers.
According to SentinelLabs researchers who examined AlienFox, the toolset targets common misconfigurations in popular services such as online hosting frameworks such as Laravel, Drupal, Joomla, Magento, Opencart, Prestashop, and WordPress.
Analysts discovered three versions of AlienFox, indicating that the toolkit’s author is actively developing and improving the malicious tool.
Analysts discovered three versions of AlienFox, indicating that the toolkit’s author is actively developing and improving the malicious tool.
AlienFox is after your secrets
AlienFox is a modular toolset made up of a variety of custom tools and modified open-source utilities created by various authors. It is used by threat actors to collect lists of misconfigured cloud endpoints from security scanning platforms such as LeakIX and SecurityTrails.
Then, AlienFox searches the misconfigured servers for sensitive configuration files commonly used to store secrets, such as API keys, account credentials, and authentication tokens, using data-extraction scripts.
1and1, A
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article. 
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: