AlienFox Malware Targets Web Frameworks like Drupal
A new toolkit named AlienFox targets misconfigured servers to steal credentials and secret data from popular cloud service providers. According to SentinelLabs, the threat actors deploying the malware rely on server misconfigurations associated with popular web frameworks, including Drupal. AlienFox also targets frameworks like WordPress, Laravel, Joomla, and Magento.
Researchers at SentinelLabs also found the malware to be highly modular. Analysts identified three versions of AlienFoX which date from February 2022. This indicates that the author of the toolkit is actively developing and improving the malicious tool. The modular nature enables it to use custom tools for separate acts.
AlienFox targets servers associated with popular web frameworks such as #Laravel, #Drupal, #Joomla, #Magento, #Opencart, #Prestashop, and #WordPress.— The Hacker News (@TheHackersNews) March 30, 2023
Recent versions of AlienFox can establish persistence on #AWS accounts, escalate privileges, and automate spam campaigns.…
As per reports, AlienFox uses data-extraction scripts to search for susceptible servers. Once the loopholes are exploited, the code extracts API keys, account credentials, and authentication tokens. SentinelLabs found the malware targeting sensitive data from cloud-based platforms, including AWS, Google Workspace, Office365, Mailgun, and Zoho. To step up defences against AlienFox, organizations are recommended to use configuration management best practices and adhere to the principle of least privilege (PoLP).
Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please let us know in the comments below and we will try to address the issue as best we can.