XAMPP Hosts are Employed to Distribute Agent Tesla

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

RiskIQ's research team has been evaluating campaigns and fingerprinting malicious infrastructure associated with well-known malware families. Their examination of Agent Tesla infrastructure led them to discover the use of XAMPP web server solution stack installations. They examined the identified campaigns using their Internet Intelligence Graph.
The most recent investigation offers new insight into the Agent Tesla ecosystem, the TTPs its operators use, and how RiskIQ users can potentially use the XAMPP web component to identify hosts that distribute malware and investigate other possibly harmful infrastructure.
XAMPP is a free, open-source web server solution stack package produced by Apache Friends, composed primarily of the Apache HTTP Server, the MariaDB database, and interpreters for scripts written in the PHP and Perl programming languages. Because the majority of current web server deployments employ the same components as XAMPP, it is feasible to move from a local test server to a live server.
XAMPP itself is not malicious, nor are hosts running XAMPP always hostile. Everything that makes XAMPP useful for developers also makes it an excellent tool for threat actors, and some malicious sites are using XAMPP to distribute malware.
The XAMPP web component observed by RiskIQ's Internet Intelligence Graph shows that there are numerous internet-facing XAMPP servers, even though XAMPP is meant for development work that needs no internet connection.

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
