Recently, Cado Security Labs discovered and unveiled details of a new Python-based credential harvester called “Legion.” Cybersecurity researchers have asserted that this hacking tool, “Legion” has already made its way to Telegram and is being actively marketed on Telegram by its operators.  While this hacking tool has been specifically designed to target and exploit a wide range of email services, Legion is likely linked to the infamous AndroxGh0st malware family, which made headlines for the first time in December 2022. Legion Offerings There are several modules included in Legion that are used to enumerate:- Vulnerable SMTP servers Remote Code Execution (RCE) Exploit vulnerable versions of Apache Brute-force cPanel Brute-force WebHost Manager (WHM) accounts Interact with Shodan’s API Hijack SMS messages Compromise Amazon Web Services credentials Besides this, AlienFox is a comprehensive toolset, and it has been identified that AndroxGh0st is part of this toolset.  Since this toolset is vast in nature, so, it also provides threat actors with the ability to steal API keys and essential secrets from cloud services.

Read full article on GBHackers