"AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials"
Researchers have detailed "AndroxGh0st," a tool used to target Laravel applications and steal sensitive data. The tool scans .env files and extracts important information from them, revealing login information for Amazon Web Services (AWS) and Twilio. It is classified as an SMTP cracker that exploits SMTP through different strategies, including credential exploitation, web shell deployment, and vulnerability scanning. Threat actors have been using AndroxGh0st to access Laravel .env files and steal credentials for cloud-based applications. Attack chains involving the Python malware have been known to exploit security vulnerabilities in Apache HTTP Server, Laravel Framework, and PHPUnit to gain initial access, escalate privileges, and establish persistence. This article continues to discuss new findings regarding the AndroxGh0st malware.
THN reports "AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials"
Submitted by grigby1