"AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services"

AlienFox, a new toolset enabling threat actors to harvest credentials from Application Programming Interface (API) keys and secrets from popular cloud service providers, is being distributed on Telegram. Alex Delamotte, a security researcher at SentinelOne, stated that the distribution of AlienFox indicates a trend toward attacking minimal cloud services unsuitable for cryptocurrency mining in order to enable and develop follow-up attacks. The cybersecurity company described the malware as highly modular and continually evolving to accommodate new features and improved performance. AlienFox is primarily used to identify misconfigured hosts through scanning platforms such as LeakIX and SecurityTrails; the toolkit's scripts then extract credentials from configuration files on the vulnerable servers. The scanning targets vulnerable servers associated with web frameworks such as Laravel, Drupal, Joomla, Magento, Opencart, Prestashop, and WordPress. This article continues to discuss researchers' findings and observations regarding the AlienFox toolset.

THN reports "AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services"
