AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services


Threat actors are using a new “complete toolset” dubbed AlienFox, which is being distributed on Telegram, to gather login information from API keys and secrets of well-known cloud service providers.¬†According to a study shared with The Hacker News by SentinelOne security researcher Alex Delamotte, the spread of AlienFox “represents an undetected trend towards attacking more limited cloud services, unsuited for crypto mining, in order to enable and expand following campaigns.”

The malware was described by the cybersecurity firm as being very modular and continually changing to accommodate new features and performance enhancements. Using scanning tools like LeakIX and SecurityTrails to identify misconfigured hosts, AlienFox’s main function is to use the toolkit’s different scripts to retrieve passwords from configuration files exposed on the servers.

Read More…