
Androxgh0st malware ramps up global attacks


More than 600 servers worldwide have been subjected to recent attacks with the Androxgh0st malware, reports Hackread.

The U.S., India, and Taiwan accounted for the bulk of the impacted servers, which were compromised by Androxgh0st malware operators through web shells deployed via the exploitation of several security vulnerabilities, including CVE-2019-2725, CVE-2021-3129, and CVE-2024-1709, a report from Veriti Research revealed.

The development comes months after a joint Cybersecurity and Infrastructure Security Agency and FBI warning noted that Androxgh0st operators, who were initially known for the Adhublika ransomware, had been facilitating backdoor access and credential exfiltration through a new botnet.

The malware operation has also leveraged numerous Laravel apps to enable the theft of Amazon Web Services, Twilio, and SendGrid accounts, according to the joint advisory, which also noted web shell deployment through Apache web server and PHP framework exploits.
