AlienFox – A Hacking Toolkit That Steals Credentials

By Katy Wilson

Apr 15, 2023

A recently discovered, complete toolset dubbed AlienFox is circulating on Telegram.

It is a modular set of tools that allows malicious actors to scan for poorly configured servers, potentially resulting in the theft of cloud-based email service credentials and authentication secrets.

SentinelOne security researcher Alex Delamotte said:

“A new trend in cyberattacks involves exploiting less complex cloud services that are unsuitable for cryptocurrency mining. The spread of AlienFox is an example of this trend, as it allows attackers to expand their operations and launch additional campaigns. This development has gone largely unreported within the cybersecurity community.”

Cybercriminals can gain access to a private Telegram channel through which the toolkit is sold to them, which has become the usual way for hackers and malware authors to conduct transactions.

Hosting Frameworks Targeted

Listed below are all of the hosting frameworks that AlienFox targets:

  • Laravel
  • Drupal
  • Joomla
  • Magento
  • Opencart
  • Prestashop
  • WordPress

Known Versions of AlienFox

All of the versions of AlienFox that the security analysts identified:

  • AlienFox V2
  • AlienFox V3.x
  • AlienFox V4

The discovery of three different versions of AlienFox suggests that the toolkit’s author is currently engaged in actively developing and improving it. This finding comes from research conducted by cybersecurity experts at SentinelOne.

AlienFox Steals Credentials & Secrets

There are a number of custom tools in AlienFox that were developed by different authors and make use of various modified open-source utilities.

Using security scanning platforms, malicious actors employ AlienFox to obtain inventories of poorly configured cloud endpoints from sources including:

Secondly, using data-extraction scripts, AlienFox retrieves from misconfigured servers the configuration files that typically store sensitive data, including:

  • API keys
  • Account credentials
  • Authentication tokens

In addition to its primary function, the toolkit features independent scripts that can allow the tool to establish persistence and escalate privileges on servers with known vulnerabilities.

AWS account access and privilege escalation have been integrated into recent versions of the tool. Additionally, the toolkit can automate spam campaigns by exploiting compromised accounts for further campaigns.

The earlier version, AlienFox v2, primarily concentrates on extracting and modifying the environment files of the web server.

It then attempts to access the targeted server using the Paramiko Python library, identifying credentials in those files and verifying them against the targeted server.

With the release of AlienFox v3, the toolkit can now automatically extract keys and secrets from Laravel environments. In addition, harvested data now includes tags that describe the acquisition method.

AlienFox’s latest version, v4, boasts improved organization of its code and scripts. Moreover, the toolkit’s targeting scope has been broadened.

Cloud-based Email Platforms Targeted

There are a number of cloud-based email platforms that are targeted, such as:

  • 1and1
  • AWS
  • Bluemail
  • Exotel
  • Google Workspace
  • Mailgun
  • Mandrill
  • Nexmo
  • Office365
  • OneSignal
  • Plivo
  • Sendgrid
  • Sendinblue
  • Sparkpostmail
  • Tokbox
  • Twilio
  • Zimbra
  • Zoho

Listed below are all of the recommendations offered by the security researchers that can help defenders counter this evolving threat:

  • Administrators must ensure that the access control settings of their servers are configured appropriately.
  • Ensure that the file permissions on their server are set correctly.
  • Remove any unnecessary services that are running on your server.
  • Make sure to enable multi-factor authentication.
  • Ensure that any activity on your accounts that seems unusual or suspicious is closely monitored.
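To put the access-control and file-permission advice into practice against the kind of environment-file harvesting described above, here is an added example (not code from the article or from SentinelOne) that audits a web root for Laravel-style .env files which are world-readable or sit inside a directory the web server serves; the secret key pattern, the served-directory names and the sample tree are assumptions.

```python
import re
import stat
import tempfile
from pathlib import Path

# Keys that usually hold credentials in a Laravel-style .env (assumed pattern).
SECRET_KEY_RE = re.compile(
    r"^([A-Z0-9_]*(?:KEY|SECRET|PASSWORD|TOKEN)[A-Z0-9_]*)=(.*)$", re.M)
# Directory names that web servers commonly serve directly (assumption).
SERVED_DIRS = {"public", "htdocs", "www", "html"}


def audit_env_files(root):
    """Return one finding per .env file under root, ordered by path."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob(".env"), key=str):
        if not path.is_file():
            continue
        rel = path.relative_to(root)
        text = path.read_text(errors="replace")
        findings.append({
            "path": rel.as_posix(),
            # Readable by every local user, including the web server account.
            "world_readable": bool(path.stat().st_mode & stat.S_IROTH),
            # A .env under a served directory is reachable as https://host/.env
            "in_served_dir": any(d in SERVED_DIRS for d in rel.parts[:-1]),
            "secret_keys": [k for k, v in SECRET_KEY_RE.findall(text) if v.strip()],
        })
    return findings


def exposed_paths(findings):
    """Paths a scanner could read over the network or as any local user."""
    return [f["path"] for f in findings
            if f["secret_keys"] and (f["world_readable"] or f["in_served_dir"])]


def build_sample_tree():
    """Constructed Laravel-like layout in a temp dir: one safe and one exposed .env."""
    root = Path(tempfile.mkdtemp())
    safe = root / "app" / ".env"               # above the document root, mode 600
    leaked = root / "app" / "public" / ".env"  # copied into the served dir, mode 644
    leaked.parent.mkdir(parents=True)
    safe.write_text("APP_KEY=base64:EXAMPLE\nDB_PASSWORD=example-only\nAPP_DEBUG=false\n")
    leaked.write_text("AWS_SECRET_ACCESS_KEY=EXAMPLE\nMAIL_PASSWORD=\nSES_KEY=x\n")
    safe.chmod(0o600)
    leaked.chmod(0o644)
    return root
```

Running `exposed_paths(audit_env_files(build_sample_tree()))` reports only the copy under `public/`; point `audit_env_files` at a real document root to check your own servers.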
