A new modular toolkit called “AlienFox” is being used by threat actors to scan for misconfigured servers and steal authentication secrets and credentials for cloud-based email services. Sold through a private Telegram channel, the toolset targets common misconfigurations in popular services, including Laravel, Drupal, Joomla, Magento, Opencart, Prestashop, and WordPress. The toolkit comprises various custom tools and modified open-source utilities created by different authors, and uses data-extraction scripts to search the misconfigured servers for sensitive configuration files commonly used to store secrets. AlienFox v4 includes better code and script organization, expanded targeting scope, and an automated cryptocurrency wallet seed cracker. To protect against this evolving threat, admins must ensure that their server configuration is set with proper access controls, file permissions, and MFA.
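The file-permission and access-control advice above can be checked locally. The following is an added example, not code from the article or from the toolkit: it audits a directory assumed to be the one the web server serves, looking for the default secret-bearing config files of the frameworks named above (file names are common defaults, not listed in the article), and runs against a constructed sample tree.

```python
import os
import stat
import tempfile

# Default secret-bearing config file names per framework (general knowledge,
# not taken from the article). Extend for your own stack.
SENSITIVE = {
    ".env": "Laravel", "wp-config.php": "WordPress",
    "configuration.php": "Joomla", "settings.php": "Drupal",
    "env.php": "Magento", "parameters.php": "PrestaShop",
    "config.php": "OpenCart",
}

def audit_webroot(root):
    """Return sorted (relative_path, framework, issues) for risky config files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name not in SENSITIVE:
                continue
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            issues = []
            if mode & stat.S_IROTH:
                issues.append("world-readable")
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                issues.append("group/world-writable")
            if name == ".env":
                # Assumption: root is the served directory, so any dotenv here
                # is only as private as the web server's deny rules.
                issues.append("dotenv inside document root")
            if issues:
                findings.append((os.path.relpath(path, root), SENSITIVE[name], issues))
    return sorted(findings)

def build_sample_webroot():
    """Create a constructed sample tree (placeholder contents, no real secrets)."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for rel, mode in ((".env", 0o644), ("blog/wp-config.php", 0o600), ("shop/config.php", 0o666)):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("# constructed placeholder\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for rel, framework, issues in audit_webroot(build_sample_webroot()):
        print(f"{rel} ({framework}): {', '.join(issues)}")
```

Files the audit flags should be moved out of the served directory where the framework allows it, or restricted to the application user only.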
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net).
Source: Bleeping Computer