Androxgh0st

Threat Actor updated 25 days ago (2024-08-14T09:52:17.458Z)
Androxgh0st is a significant threat actor in the cybersecurity landscape, known for offering malware-as-a-service. This entity is responsible for the creation and distribution of a Python-scripted malware that primarily targets .env files containing confidential information from high-profile applications like Amazon Web Services (AWS), Microsoft Office 365, SendGrid, and Twilio within the Laravel web application framework. The malware, also referred to as an SMTP Cracker, is capable of scanning and exploiting exposed credentials and application programming interfaces (APIs), along with deploying web shells. The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings about the Androxgh0st botnet used for victim identification and exploitation. Once a system is compromised, the threat actors deploy the Androxgh0st malware to download malicious files onto the host website's system. This botnet has been observed establishing networks for identifying and exploiting victims, posing substantial risk to cybersecurity infrastructure. Mitigation strategies suggested by the FBI and CISA include vigilance against the threat posed by Androxgh0st and its associated botnet. The threat actor's ability to sell access to the malware to other malicious entities increases the potential spread and impact of this threat. Given the malware's focus on vulnerable PHP and Laravel applications, organizations using these technologies should take particular care to secure their systems and protect sensitive data.
Description last updated: 2024-08-14T08:53:38.413Z
Aliases: none currently tracked
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance:
Malware, Botnet, Exploit, Laravel, Remote Code ..., Apache, Aws, Credentials, CISA, Vulnerability, Web Shell, Fortiguard, Source, Exploits
Analyst Notes & Discussion
Associated Vulnerabilities
ID: CVE-2017-9841 | Type: Unspecified | Votes: 3
Profile Description: CVE-2017-9841 is a critical vulnerability in the PHP testing framework, PHPUnit. It is a software flaw that allows attackers to gain initial access to systems by exploiting it to download and execute a Perl script, thereby opening a reverse shell on the compromised machine. This vulnerability was ac

ID: CVE-2021-41773 | Type: Unspecified | Votes: 3
Profile Description: CVE-2021-41773 is a significant software vulnerability identified in Apache HTTP Server 2.4.49, which pertains to an issue of path traversal. This flaw in the software's design or implementation allows an attacker to access sensitive information or execute arbitrary code on the server by exploiting
Source Document References
Information about the Androxgh0st Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs | a month ago | security-affairs-malware-newsletter-round-5
CERT-EU | 8 months ago | FBI Warns Of Androxgh0st Malware
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3
SANS ISC | 2 months ago | Who You Gonna Call? AndroxGh0st Busters! [Guest Diary] - SANS Internet Storm Center
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | 2 months ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Checkpoint | 3 months ago | 17th June – Threat Intelligence Report - Check Point Research
Securityaffairs | 3 months ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Checkpoint | 4 months ago | 13th May – Threat Intelligence Report - Check Point Research
Fortinet | 4 months ago | Key Findings from the 2H 2023 FortiGuard Labs Threat Report | FortiGuard Labs
Securityaffairs | 4 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 4 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 5 months ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 5 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs | 5 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini