Legion AWS credential harvester and hijacker analyzed
Researchers from Cado Labs recently encountered an update to the emerging cloud-focused malware family, Legion. This sample iterates upon the credential harvesting features of its predecessor, with a continued emphasis on exploiting PHP web applications.
In this Help Net Security video, Matt Muir, Threat Intelligence Researcher at Cado Security, overviews Legion’s cloud-specific functionality.