More than 600 servers worldwide have been subjected to recent attacks with the Androxgh0st malware, reports Hackread.
The U.S., India, and Taiwan accounted for the bulk of the impacted servers, which were compromised by Androxgh0st malware operators through web shells deployed via the exploitation of several security vulnerabilities, including CVE-2019-2725, CVE-2021-3129, and CVE-2024-1709, a report from Veriti Research revealed.
Such a development comes months after Androxgh0st operators, which were initially known for the Adhublika ransomware, were noted by a joint Cybersecurity and Infrastructure Security Agency and FBI warning to have been facilitating backdoor access and credential exfiltration through a new botnet.
Numerous Laravel apps have also been leveraged by the malware operation to enable the theft of Amazon Web Services, Twilio, and SendGrid accounts, according to the joint advisory that also noted web shell deployment through Apache web server and PHP framework exploits.
