A joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI is warning organizations against the spread of a Python-scripted malware known as AndroxGh0st.
In a document released Tuesday, the two agencies listed tactics, techniques and procedures used by threat actors that deploy the malware, which targets confidential files in applications such as Microsoft Office 365 and Amazon Web Services (AWS).
AndroxGh0st uses a botnet to exploit vulnerable networks and to target .env files and the Simple Mail Transfer Protocol (SMTP). Aside from AWS and Microsoft, other companies that have been affected are marketing e-mail platform SendGrid and its parent company Twilio, according to the cybersecurity advisory.
CISA and the FBI also listed known indicators of compromise, including uniform resource identifiers, POST request strings and attempted credential exfiltration.
The two agencies urged organizations to prioritize patching such vulnerabilities in internet-facing systems, make sure that only necessary servers are exposed to the internet and investigate unauthorized use of credentials listed in .env files.