The generic malware known as Legion has been updated with new capabilities to compromise SSH servers and Amazon Web Services (AWS) login credentials for DynamoDB and CloudWatch. “This recent update demonstrates a widening of scope, with new capabilities such as the ability to compromise SSH servers and retrieve additional AWS-specific credentials from Laravel web applications,” Cado Labs researcher Matt Muir said in a report shared with The Hacker News.
The developer’s targeting of cloud services is evidently improving with each version. The cloud security company published the first report on Legion, a Python-based hacking tool, last month, showing the tool’s capacity to infiltrate weak SMTP servers and steal credentials.