Botnet threat

FBI-CISA Advisory Warns Against Credential-Stealing Androxgh0st Malware

A joint advisory from the FBI and the Cybersecurity and Infrastructure Security Agency has warned that hackers are deploying the Androxgh0st malware to maliciously gather credentials from popular applications, such as Amazon Web Services and Microsoft Office 365, in a bid to create a powerful computer bug. The Androxgh0st malware has compromised about 40,000 hosts, according to an analysis of cybersecurity company Fortinet in January 2023.

Researchers from the Santa Monica, California-based cloud security automation company Lacework first observed the Androxgh0st malware being used to steal credentials in December 2022, The Record reported Tuesday.

The hackers’ common search targets are .env files, which store credentials that can be used to identify potential victims in popular network applications, according to the FBI-CISA advisory.

The advisory also notes that the Simple Mail Transfer Protocol is another Androxgh0st target, with the malware’s capability to scan and exploit vulnerabilities, such as exposed credentials and application programming interfaces. In addition, the malware focuses its search on websites featuring the free and open-source Laravel framework for developing web applications and can leave certain files exposed and vulnerable to botnet attacks.