Legion, a malware first reported on in April targeting 19 separate cloud services, has widened its scope to include the ability to compromise SSH servers and retrieve additional Amazon Web Service-specific credentials from Laravel web applications. In a blog post May 24, Cado Security researchers said Legion targets misconfigured PHP web applications and attempts to exfiltrate credentials for cloud services.
Read full article on SC Magazine