New AlienFox toolkit steals credentials for 18 cloud services

Home/cloud, Compromised, Exploitation, IOC's, malicious cyber actors, Security Advisory, Security Update, Targeted Attacks/New AlienFox toolkit steals credentials for 18 cloud services

New AlienFox toolkit steals credentials for 18 cloud services

A recently discovered comprehensive toolset dubbed AlienFox toolkit is circulating on Telegram. 

It’s a modular set of tools that enables malicious actors to scan for poorly configured servers, potentially leading to the theft of cloud-based email service credentials and authentication secrets.

According to SentinelLabs research on AlienFox, this powerful toolkit aims to fix popular misconfigurations in widely used online hosting frameworks such as Drupal, Opencart, WordPress, Magento and Prestashop among many others. Targeted services also include Laravel and Joomla.

Here below, we have mentioned all the hosting frameworks that AlienFox targets:-

  • Laravel
  • Drupal
  • Joomla
  • Magento
  • Opencart
  • Prestashop
  • WordPress

Identified versions of AlienFox

All the versions of AlienFox that the security analysts identify:-

  • AlienFox V2
  • AlienFox V3.x
  • AlienFoxV4

AlienFox then uses data extraction scripts to explore misconfigured servers and locate sensitive configuration files, which are often used to store secrets such as API keys, account credentials, and authentication tokens.

Using security scanning platforms, malicious actors employ AlienFox to obtain inventories of poorly configured cloud endpoints from sources including:-

  • LeakIX
  • SecurityTrails

Secondly, AlienFox retrieves sensitive configuration files that generally store sensitive data from misconfigured servers using data-extraction scripts, including:-

  • API keys
  • Account credentials
  • Authentication tokens

More specifically, the third version of the kit introduced better performance, now with initialization variables, Python classes with modular functions and process threading.

The latest version of AlienFox is v4, which has better code and script organization and extended targeting range.


  • The administrators must ensure that the access control settings of their servers are set accordingly.
  • Ensure that the file permissions on their server are set properly.
  • Remove any unnecessary services that are running on your server.
  • Make sure to enable multi-factor authentication.
  • Ensure that any activity on your accounts that seems unusual or suspicious is closely monitored.

Follow Us on: Twitter, InstagramFacebook to get the latest security news!

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!