Threat actors responsible for the multi-faceted Androxgh0st malware have built a botnet to expand their capabilities to identify and exploit vulnerable networks. The Androxgh0st botnet was being used to scan for .env files that contain confidential information such as credentials for cloud solutions including Amazon Web Services (AWS), Microsoft Office 365, SendGrid and Twilio, they said. The threat actors exploited a vulnerability discovered in 2018, CVE-2018-15133, which can allow remote code execution on unpatched Laravel applications.

“This particular attack is using unpatched vulnerabilities first announced (and patched) three to seven years ago. The hackers and malware move where the technology moves.”

The Python-based AndroxGh0st malware was first detected by Lacework in 2022.
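The scanning behaviour described above leaves a recognisable trace in ordinary web server access logs: requests for `/.env` (and variants such as `/.env.bak` or `/admin/.env`) that a legitimate client never makes. The following is an added example, not code from the article or from any vendor advisory, showing how a defender can pass access-log lines in the common Apache/nginx combined format through a small parser, group `.env` probes by source address, and single out the case that matters most: a probe that received a 2xx response, meaning the file was actually served. The log lines, IP addresses and user agents are constructed sample data, and the function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample log lines in combined log format (not from any real server).
# The first client probes for .env files and is actually served one (status 200).
# The second client is ordinary browsing traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [17/Jan/2024:10:00:01 +0000] "GET /.env HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.10 - - [17/Jan/2024:10:00:02 +0000] "GET /admin/.env HTTP/1.1" 404 153 "-" "python-requests/2.31"
203.0.113.10 - - [17/Jan/2024:10:00:03 +0000] "GET /.env.bak?x=1 HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.7 - - [17/Jan/2024:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [17/Jan/2024:10:05:01 +0000] "GET /static/env.css HTTP/1.1" 200 910 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# A path segment that is exactly ".env" or ".env.<suffix>" (e.g. .env.bak, .env.production).
ENV_SEGMENT_RE = re.compile(r'^\.env(\..+)?$')


def parse_line(line):
    """Parse one combined-format access log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_env_probe(path):
    """True if any path component of the request (query string ignored) names a .env file."""
    path = path.split("?", 1)[0]
    return any(ENV_SEGMENT_RE.match(seg) for seg in path.split("/") if seg)


def summarize_env_probes(log_text):
    """Group .env probes by client IP.

    Returns {ip: {"probes": count, "served": [paths that got a 2xx response]}}.
    A non-empty "served" list is the high-severity signal: the secrets file was
    actually delivered to the client, so the credentials in it must be treated
    as compromised and rotated.
    """
    summary = defaultdict(lambda: {"probes": 0, "served": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_env_probe(rec["path"]):
            continue
        entry = summary[rec["ip"]]
        entry["probes"] += 1
        if 200 <= rec["status"] < 300:
            entry["served"].append(rec["path"].split("?", 1)[0])
    return dict(summary)


if __name__ == "__main__":
    for ip, info in summarize_env_probes(SAMPLE_LOG).items():
        severity = "CRITICAL (file served)" if info["served"] else "probe only"
        print(f"{ip}: {info['probes']} .env request(s), {severity} {info['served']}")
```

Run against a real log the output separates noisy scanners (404s only, worth blocking and watching) from the incident case (a 2xx on `/.env`), where the immediate actions are to remove the file from the document root, confirm the web server never serves dotfiles, and rotate every credential the file held. Matching on a whole path segment rather than the substring `env` keeps legitimate assets such as `/static/env.css` out of the results.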
Source: Punch January 17, 2024 16:51 UTC