AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,060
Content source
https://thehackernews.com/2023/03/alienfox-malware-targets-api-keys-and.html
A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers.

"The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services, unsuitable for crypto mining, in order to enable and expand subsequent campaigns," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News.

The cybersecurity company characterized the malware as highly modular and constantly evolving to accommodate new features and performance improvements.
Click to expand...
thehackernews.com

AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services

AlienFox, a highly modular & constantly evolving toolset distributed on Telegram, enables attackers to harvest API keys & secrets from cloud services.
thehackernews.com thehackernews.com

Executive Summary​

  • SentinelLabs analyzed several iterations of “AlienFox,” a comprehensive toolset for harvesting credentials for multiple cloud service providers.
  • Attackers use AlienFox to harvest API keys & secrets from popular services including AWS SES & Microsoft Office 365.
  • AlienFox is a modular toolset primarily distributed on Telegram in the form of source code archives. Some modules are available on GitHub for any would-be attacker to adopt.
  • The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services, unsuitable for cryptomining, in order to enable and expand subsequent campaigns.
  • Along with our thorough analysis of different AlienFox iterations, we provide a full list of indicators of compromise, YARA rules, and recommendations in the full report.
Click to expand...
www.sentinelone.com

Dissecting AlienFox | The Cloud Spammer’s Swiss Army Knife

A sophisticated new toolset is being used to harvest credentials from multiple cloud service providers, including AWS SES and Microsoft Office 365.
www.sentinelone.com www.sentinelone.com
 
  • Like
  • +Reputation
Reactions: vtqhtr413, Andy Ful, upnorth and 3 others
You must log in or register to reply here.

Similar threads

Lymphocyte
    • Like
    • +Reputation
Security News ESET repports that OilRig’s persistent attacks using cloud service-powered downloaders
Replies
0
Views
2,473
Security News
Lymphocyte
Lymphocyte
R
    • Like
  • Locked
Norton Security Review 2017
Replies
0
Views
4,013
Norton
ras74
R

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top