"New Python-Based 'Legion' Hacking Tool Emerges on Telegram"

Legion, a new Python-based credential harvester and hacking tool, is being marketed via Telegram as a means for threat actors to infiltrate different online services for further abuse. Cado Labs reports that Legion includes modules for enumerating vulnerable SMTP servers, conducting Remote Code Execution (RCE) attacks, exploiting unpatched versions of Apache, and brute-forcing cPanel and WebHost Manager (WHM) accounts. The malware resembles another malware family named AndroxGh0st, which the cloud security services provider Lacework first documented in December 2022. In an analysis published late last month, the cybersecurity firm SentinelOne revealed that AndroxGh0st is part of a comprehensive toolset known as AlienFox that threat actors can use to steal Application Programming Interface (API) keys and secrets from cloud services. This article continues to discuss the new  Legion Python-based credential harvester and hacking tool. 

THN reports "New Python-Based 'Legion' Hacking Tool Emerges on Telegram"