Join us

Legion: an AWS Credential Harvester and SMTP Hijacker

@faun ・ Apr 25,2023

Researchers have discovered a Python-based credential harvesting and hack tool named Legion, which is sold via the Telegram messenger.

Legion is designed to exploit various services for email abuse, including SMTP servers, Apache vulnerabilities, and AWS services, among other things. The tool also includes modules to brute-force cPanel and WebHost Manager (WHM) accounts and offers utilities for abusing AWS services.

Legion was found to be related to AndroxGh0st, another malware family discovered by Lacework in December 2022. Legion includes the ability to deliver SMS spam messages to US mobile users, retrieve AWS console credentials, and implant webshells.

Let's keep in touch!

Stay updated with my latest posts and news. I share insights, updates, and exclusive content.

Unsubscribe anytime. By subscribing, you share your email with @faun and accept our Terms & Privacy.

Give a Pawfive to this post!

Only registered users can post comments. Please, login or signup.

Share with your friends and followers

Start writing about what excites you in tech — connect with developers, grow your voice, and get rewarded.

Join other developers and claim your FAUN.dev() account now!

Publish your first story!

The FAUN

FAUN.dev()

@faun

The FAUN watches over the forest of developers. It roams between Kubernetes clusters, code caves, AI trails, and cloud canopies, gathering the signals that matter and clearing out the noise.