New malware named AlienFox is being used to steal data from AWS, Google Cloud, and Microsoft.
The malware is being distributed primarily on Telegram.
The main use of AlienFox is to enumerate misconfigured hosts via scanning platforms like LeakIX and SecurityTrails, and then extract credentials that are stored on servers.
- This malware specifically targets servers that are used in conjunction with popular web frameworks such as:
- WordPress
- Laravel,
- Drupal,
- Magento, etc.
- Researchers have stated that they have tracked three variants starting in early 2022.
- Its most recent addition is the ability to create a new Amazon account using specific email addresses that are not linked with any accounts already.
- According to researchers, being breached through this flaw could lead to extra service costs and loss of customer trust.
