• Mon. Jun 17th, 2024

Legion Hacking Tool is Able to Steal the Data From Unprotected Sites

Avatar photo

ByHarper Stewart

May 5, 2023
Legion Hacking Tool is Able to Steal the Data From Unprotected Sites
Harper Stewart
Latest posts by Harper Stewart (see all)

Legion, a Python-based hacking tool that is offered through Telegram and is utilized to break into multiple internet platforms for further misuse, was uncovered by experts.

Specialists from Cado Labs discovered that Legion contains modules for exploiting unpatched Apache versions, scanning unprotected SMTP networks, launching remote code execution attacks, brute-forcing cPanel and WHM accounts, and interfacing with Shodan API and AWS services.

What’s Inside the Malware

The tool is very similar to AndroxGh0st, another malware family, and is part of a new generation of cloud-based credential harvesting and spamming tools. It targets web servers that use CMS, PHP, or PHP-based frameworks like Laravel and extracts stolen data through Telegram. Developers of such tools often plagiarize each other’s code, making it hard to attribute the malware’s origin.

Legion, based on Cado Labs’ report, can gather login credentials for different online services such as email, cloud platforms, databases, and payment gateways like PayPal and Stripe. It targets numerous services, including SendGrid, Twilio, Nexmo, AWS, and Mailgun.

The software exploits insecure web servers to obtain AWS login details and sends spam SMS messages to users of major US mobile carriers such as AT&T, Sprint, T-Mobile, Verizon, and Virgin.

The Goal of the Hacker’s Tool

Malware’s primary objective is to exploit compromised service infrastructure for further attacks, such as massive spam campaigns and opportunistic phishing efforts.

Moreover, investigators have uncovered a YouTube channel established on June 15, 2021, that features instructional videos about Legion.

Experts infer that “the software is extensively distributed and is presumably a paid malicious software.” The whereabouts of the tool’s creator, who goes by the moniker forzatools on Telegram, remain undisclosed, although the existence of remarks in Indonesian language within the code implies that the developer could be an Indonesian or situated in that nation.

Avatar photo

Harper Stewart

With a deep understanding of the complexities of the Dark Web, Harper curates informative and thought-provoking content for our readers. Her knowledge of the hidden corners of the internet and cybersecurity helps shed light on the often mysterious and illicit activities that take place in this realm.