Androxgh0st Malware Attack
Actively stealing credentials in the wild
FortiGuard Labs continues to observe widespread activity of Androxgh0st Malware in the wild, exploiting multiple vulnerabilities, specifically targeting PHPUnit (CVE-2017-9841), the Laravel Framework (CVE-2018-15133) and Apache Web Server (CVE-2021-41773), to spread and conduct information-gathering attacks on the target networks.
Common Vulnerabilities and Exposures
Background
AndroxGh0st malware is a Python-based malware that primarily targets user environment (.env) files. These files may contain credentials for various high-profile applications such as AWS, O365, SendGrid, and Twilio. AndroxGh0st has numerous malicious functions to abuse SMTP, scan for and exploit exposed credentials and APIs, and deploy web shells to maintain persistent access to systems.
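The two activities described above, probing for exposed .env files and exploiting the named web-application vulnerabilities, both leave traces in ordinary web server access logs. The following is an added example (not code from this page or from Fortinet) of a small detector that scans Common Log Format lines for those traces. The log lines are constructed for the example, and the regex patterns are this example's own assumptions based on the vulnerabilities the page names: requests for a .env file (or a backup copy of one), requests for the PHPUnit eval-stdin.php endpoint associated with CVE-2017-9841, and mixed-encoding dot segments of the kind used in the CVE-2021-41773 path traversal. A .env request answered with HTTP 200 is flagged separately, because it means the server actually served the credentials file rather than merely being probed.

```python
import re
from collections import defaultdict

# Common/Combined Log Format prefix: client, ident, user, [timestamp], "request line", status, bytes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+'
)

# Detection rules keyed by a short tag. These regexes are this example's own
# assumptions derived from the vulnerabilities named on the page, not vendor signatures.
RULES = {
    # Any request for a .env file, or a backup copy such as .env.bak: credential-harvesting probe.
    "env_probe": re.compile(r'(?:^|/)\.env(?:\.[\w.-]+)?(?:\?|$)', re.IGNORECASE),
    # The PHPUnit eval-stdin.php endpoint abused via CVE-2017-9841.
    "phpunit_eval_stdin": re.compile(
        r'/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin\.php', re.IGNORECASE),
    # Mixed-encoding dot segments (".%2e/", "%2e%2e/") characteristic of the CVE-2021-41773 traversal.
    "encoded_traversal": re.compile(r'(?:\.%2e|%2e\.|%2e%2e)(?:/|%2f)', re.IGNORECASE),
}

# Constructed sample log; RFC 5737 documentation addresses, not real clients.
SAMPLE_LOG = """\
203.0.113.10 - - [16/Jan/2024:10:01:02 +0000] "GET /.env HTTP/1.1" 200 412
203.0.113.10 - - [16/Jan/2024:10:01:03 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 196
198.51.100.7 - - [16/Jan/2024:10:02:15 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.10 - - [16/Jan/2024:10:03:40 +0000] "GET /static/.%2e/.%2e/.env HTTP/1.1" 403 199
198.51.100.7 - - [16/Jan/2024:10:04:01 +0000] "GET /assets/app.css HTTP/1.1" 200 2048
192.0.2.44 - - [16/Jan/2024:10:05:09 +0000] "GET /backup/.env.bak HTTP/1.1" 404 196
this line is not in log format
"""


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def classify(path):
    """Return the list of rule tags whose pattern matches the requested path (rule order preserved)."""
    return [tag for tag, rx in RULES.items() if rx.search(path)]


def scan(lines):
    """Run every rule over every parseable line and return a finding per suspicious request."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # non-log noise is skipped rather than crashing the scan
        tags = classify(rec["path"])
        if not tags:
            continue
        # A 200 on a .env request means the file was served: confirmed exposure, not just a probe.
        exposed = "env_probe" in tags and rec["status"] == 200
        findings.append({
            "ip": rec["ip"], "path": rec["path"], "status": rec["status"],
            "tags": tags, "exposed": exposed,
        })
    return findings


def summarize(findings):
    """Collapse findings into a sorted list of rule tags per source address, for triage."""
    per_ip = defaultdict(set)
    for f in findings:
        per_ip[f["ip"]].update(f["tags"])
    return {ip: sorted(tags) for ip, tags in per_ip.items()}


if __name__ == "__main__":
    results = scan(SAMPLE_LOG.splitlines())
    for f in results:
        flag = "EXPOSED" if f["exposed"] else "probe"
        print(f'{f["ip"]:<14} {f["status"]} {flag:<8} {",".join(f["tags"]):<32} {f["path"]}')
    print(summarize(results))
```

Running the block against the sample yields four findings; the first (a 200 on /.env) is the one that warrants immediate credential rotation, while the others show a single source probing for several of the page's CVEs in sequence, which is the pattern worth an IP-level block rather than per-request alerts.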
Threat Radar Overall Score: 4.8
Metric | Value
CVSS Rating | 9.0
FortiRecon Score | 92/100
Known Exploited | Yes
Exploit Prediction Score | 97.49%
FortiGuard Telemetry | 76403
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
March 17, 2023: FortiGuard Labs released a Threat Signal
https://www.fortiguard.com/threat-signal-report/5066
January 2024: FortiGuard Labs continues to block AndroxGh0st malware activity on more than 40,000 unique FortiGate devices a day on average.
January 16, 2024: The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released the joint Cybersecurity Advisory (CSA) to share known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-016a
Fortinet customers remain protected by the IPS signatures for all related vulnerabilities (CVE-2021-41773, CVE-2017-9841, CVE-2018-15133); however, users are requested to review the related CVEs and make sure all operating systems, software, and firmware are up to date.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- AV: Detects and blocks known Androxgh0st Malware related files
- AV (Pre-filter): Detects and blocks known Androxgh0st Malware related files
- IPS: Detects and blocks Androxgh0st Malware Attack
- Web App Security: Detects and blocks Androxgh0st Malware Attack
- Outbreak Detection
- Threat Hunting
- Content Update
- Assisted Response Services: Experts to assist you with analysis, containment and response activities.
- Automated Response: Services that can automatically respond to this outbreak.
- NOC/SOC Training: Train your network and security professionals and optimize your incident response to stay on top of cyberattacks.
- End-User Training: Raise security awareness among your employees, who are continuously being targeted by phishing, drive-by downloads and other forms of cyberattacks.
- Attack Surface Hardening: Check Security Fabric devices to build actionable configuration recommendations and key indicators.
- Business Reputation: Know attackers' next move to protect your business branding.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Indicators of compromise
Mitre Matrix
References
Sources of information in support and relation to this Outbreak and vendor.