New Python-Based Credential Harvester & Hacktool Malware Emerges: Cado Security

Cado Security has published a report on a newly discovered Python-based credential harvester and hacktool called Legion, which targets a range of online services and is built for abusing email infrastructure. Cado's research indicates that Legion is likely linked to the AndroxGh0st malware family, first reported in December 2022. Notably, the tool is being marketed and sold via the Telegram messenger.

Legion is designed to exploit web servers running content management systems, PHP, or PHP-based frameworks. It can retrieve credentials for a wide range of web services, including email providers, cloud service providers, server management systems, databases, and payment platforms such as Stripe and PayPal. Legion can also hijack SMS messages and compromise AWS credentials.

A unique aspect of Legion, not covered in earlier research on this malware family, is its ability to send SMS spam to subscribers of mobile networks in the United States. The report provides a comprehensive list of targeted carriers, including AT&T, Sprint, Verizon, and others.

Cado Labs discovered a YouTube channel containing tutorial videos on Legion, indicating that the tool is widely distributed and likely sold as paid malware. Cado also found several Indonesian-language comments on the channel, suggesting the developer may be Indonesian or based in Indonesia.

You can read the report here.
