AdvisoryAdvisoriesCISAAA24-016A

January 16, 2024

Known Indicators of Compromise Associated with Androxgh0st Malware

January 16, 2024

What we know so far

This joint Cybersecurity Advisory from the FBI and CISA warns of the Androxgh0st malware, which establishes a botnet to exploit known vulnerabilities like CVE-2017-9841 in PHPUnit, CVE-2018-15133 in Laravel, and CVE-2021-41773 in Apache. Androxgh0st targets .env files containing sensitive credentials, uses SMTP for malicious activities, and can execute remote code through exposed Laravel application keys and Apache web servers. Organizations are urged to patch known vulnerabilities, limit internet exposure, and monitor for unauthorized access, especially in services with exposed credentials.

Arrow Right

Schedule a test

Subscribe to advisory alerts

Be immediately notified of new advisories and associated security tests

More advisories