Androxgh0st malware, rain of infected servers all over the world

As reported by Fear Research, there is a large increase in infections caused by the Androxgh0st malware.

At present, over 600 compromised servers have been identified, a number likely to rise in the coming days. The malicious agent in question is exploiting several vulnerabilities, namely:

  • CVE-2021-3129
  • CVE-2024-1709
  • CVE-2019-2725

These infections mainly affect servers located in the United States, Taiwan and India, creating a continually expanding botnet.

The experts at the site, for their part, have been monitoring Androxgh0st since its discovery, i.e. since the end of 2022. In this period of time, the malware has featured in various campaigns, including one aimed at spreading the Adhublika ransomware.

Androxgh0st is used to build a botnet

According to expert reports, the operators behind the malware target Laravel applications, which they exploit to steal credentials for cloud services such as AWS, SendGrid and Twilio.

The danger of Androxgh0st is such that it has prompted even the FBI and CISA to act. The two agencies have issued a joint notice warning potential victims about the use of the aforementioned botnet.

The case of Androxgh0st, on the other hand, does not surprise cybersecurity experts that much. As some recent studies have shown, botnets are now constantly growing and, in all likelihood, will be an increasingly widespread attack method over the next few years.

A botnet is a network made up of a large number of electronic devices infected with malware. These devices, called "bots", are controlled by cybercriminals and exploited to carry out cyberattacks. The main targets of cybercriminals are servers and routers.

Veriti's discovery demonstrated once again how important it is not to be caught unprepared. In this regard, companies must promptly update their servers, applying the most recent security patches provided by hardware manufacturers.
