image credit: kjpargeter / Freepik

FBI warns against cloud credential-stealing Androxgh0st botnet

January 17, 2024

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency (CISA) have published an urgent advisory about the Androxgh0st botnet, which is being used to steal cloud credentials from major platforms, including AWS, SendGrid, and Microsoft Office 365.

Initially identified by Lacework Labs in 2022, Androxgh0st is a Python-scripted malware designed to infiltrate and exploit vulnerabilities in various web frameworks and servers, primarily targeting .env files that store sensitive cloud credentials.

Read More on CSO Online