A comprehensive toolkit for obtaining credentials from various cloud service providers is called AlienFox. Attackers collect API keys and secrets from well-known services like Amazon SES & Microsoft Office 365 using AlienFox.
A modular toolkit called AlienFox has been mostly shared on Telegram as source code archives. Any would-be attacker can adopt particular modules by visiting GitHub.
AlienFox's rise reveals an unreported pattern towards attacking less complex cloud services—those inappropriate for cryptomining—in order to support and expand successive attacks. Critical information in cloud-based email and messaging systems is now potentially at risk of disclosure in massive amounts.
- Always have the most recent security patches and updates installed on your computer and applications.
- Establish and execute anti-virus and anti-malware software.
- Set up two-factor authentication on your accounts and use secure passwords.
- Always obtain and set up software from reliable sources.
- To manage incoming and outgoing network traffic, use a firewall.
- Use caution when opening email attachments or clicking on links from unidentified senders.
- Regularly backup your crucial files and data.
- When utilising public WiFi or viewing sensitive information, use a VPN.
- Keep an eye out for any strange behaviour in your accounts and credit reports.
- Disconnect your device from the network and get assistance if you think it may be affected.
- Create rules based on known indicators of threat group in the SIEM (Security incident event management) tool for detection of threat activity.
- Check the Task Manager for suspicious processes
- Check the Startup folder for suspicious files/programs
- Use a malware scanner
- Check for unusual network activity
- Keep your software updated
Indicators of Compromise (IOCs)
The IOCs can differ depending on the toolkit used by the hacker.
Androxgh0st is the most ubiquitous module in the AlienFox framework - (SHA1: 7848e53133f4470c29e33ee6dd87f8f326c5fa38)
The hacker news