Researchers from Cado Labs recently encountered an update to the emerging cloud-focused malware family, Legion. This sample iterates upon the credential harvesting features of its predecessor, with a continued emphasis on exploiting PHP web applications. In this Help Net Security video, Matt Muir, Threat Intelligence Researcher at Cado Security, overviews Legion’s cloud-specific functionality.
The post Legion AWS credential harvester and hijacker analyzed appeared first on Help Net Security.