Evolving AlienFox Malware Steals Cloud Services Credentials

Attackers Use Toolkit to Harvest API Keys and Secrets From 18 Cloud Providers
Hackers have used a modular toolkit called "AlienFox'" to compromise email and web hosting services at 18 companies. Distributed mainly by Telegram, the toolkit scripts are readily available in open sources such as GitHub, leading to constant adaptation and variation in the wild.

alienfox api api keys attackers called cloud cloud services companies compromise credentials distributed email github hosting keys malware modular scripts secrets services telegram toolkit web web hosting