Legion, a malicious software, has recently been updated to include more extensive features. Matt Muir, a researcher from Cado Labs, reported that the new capabilities of Legion include the ability to breach SSH servers and extract AWS credentials from Laravel web applications. Furthermore, the update gives Legion the ability to search for .env files in more locations. Muir commented that this development in the malware’s range emphasizes the importance of regularly assessing access to resources within web applications and avoiding storing secrets in environment files. These changes to Legion demonstrate the malicious actor’s goal of targeting cloud services, and the need for organizations to take proactive measures to guarantee their security.
Source: Hackernews
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.