Legion Malware Upgraded to Target SSH Servers and AWS Credentials

30 May 2023
An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch.
“This recent update demonstrates a widening of scope, with new capabilities such the ability to compromise SSH servers and retrieve additional AWS-specific credentials from Laravel web applications,” Cado Labs researcher Matt Muir said in a report shared with The Hacker News.
“It’s clear that the developer’s targeting of cloud services is advancing with each iteration.”
Back Top