AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services

30-Mar-23

Threat actors are using a new “complete toolset” dubbed AlienFox, which is being distributed on Telegram, to harvest credentials from the API keys and secrets of well-known cloud service providers. According to a study shared with The Hacker News by SentinelOne security researcher Alex Delamotte, the spread of AlienFox “represents an undetected trend towards attacking more limited cloud services, unsuited for crypto mining, in order to enable and expand following campaigns.”

The cybersecurity firm described the malware as highly modular and continually changing to accommodate new features and performance enhancements. AlienFox’s main function is to retrieve passwords from configuration files exposed on misconfigured servers: scanning platforms such as LeakIX and SecurityTrails are used to identify the misconfigured hosts, and the toolkit’s various scripts then extract the passwords from the exposed files.
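A defender-side check for the exposure described above, as an added example that is not from SentinelOne's study or the AlienFox toolset: it walks a web-served directory you own and flags configuration files that contain AWS, Google or Azure credential shapes. The file-suffix list, rule names and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Publicly documented credential shapes for the three providers the article names.
RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}"),
    "azure_storage_key": re.compile(r"AccountKey=[A-Za-z0-9+/]{20,}={0,2}"),
}
# Assumption: suffixes treated as configuration files (plus any ".env*" name).
CONFIG_SUFFIXES = {".ini", ".conf", ".config", ".yml", ".yaml", ".json"}

def is_config(path):
    return path.name.startswith(".env") or path.suffix.lower() in CONFIG_SUFFIXES

def redact(value):
    """Keep enough of the match to locate it without re-exposing the secret."""
    return value[:8] + "*" * (len(value) - 8)

def scan_webroot(root):
    """Return (relative path, line number, rule, redacted match) for each hit."""
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file() and is_config(p)):
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for rule, pattern in RULES.items():
                for match in pattern.finditer(line):
                    rel = path.relative_to(root).as_posix()
                    findings.append((rel, lineno, rule, redact(match.group())))
    return findings

def demo():
    """Scan a constructed tree: one leaky .env, one clean config, one non-config file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app").mkdir()
        (root / "app" / ".env").write_text(
            "APP_ENV=production\n"
            "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"  # AWS's documentation sample key
            "STORAGE=AccountName=demo;AccountKey=" + "A" * 44 + "==\n"  # constructed
        )
        (root / "settings.yml").write_text("debug: false\n")
        (root / "index.html").write_text("<!-- AKIAIOSFODNN7EXAMPLE -->\n")
        return scan_webroot(root)

if __name__ == "__main__":
    for finding in demo():
        print(*finding)
```

Any hit in a directory the web server can serve means the key should be rotated and the file moved out of the document root, not just hidden.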
