Threat actors have been peddling the cloud-based attack tool Araneida, which is based on a pirated version of the web app vulnerability scanner Acunetix, to facilitate reconnaissance attacks, as well as data exfiltration and vulnerability discovery activities, KrebsOnSecurity reports.
More than 30,000 websites were purported to have already been compromised using Araneida, which has been leveraging countless proxies to conceal its users' locations, according to a Silent Push analysis. "They are constantly bragging with their community about the crimes that are being committed, how it's making criminals money. They are also selling bulk data and dumps which appear to have been acquired with this tool or due to vulnerabilities found with the tool," said Silent Push senior threat researcher Zach Edwards. Further examination by KrebsOnSecurity has linked Araneida to a Turkish developer. Meanwhile, exploitation of Acunetix in such intrusions has been acknowledged by its vendor Invicti Security. "We have been playing cat and mouse for a while with these guys," said Invicti Chief Information Security Officer Matt Sciberras.