Acunetix Under Attack: Cracked Version Used for Malicious Scanning
Researchers at Silent Push have uncovered alarming details about the “Araneida Scanner,” a malicious tool built on a cracked version of Acunetix, a renowned web application vulnerability scanner. This tool is actively employed in illicit activities ranging from data harvesting to vulnerability exploitation.
The “Araneida Scanner” is distributed through Telegram and other platforms, where it is purchased by cybercriminals. Reports indicate that over the past six months, attackers using this tool have targeted more than 30,000 websites.
Promoted as a powerful attack instrument, the tool provides users with an installation file that, once activated, scans websites to identify vulnerabilities for potential exploitation. Its activity generates significant traffic, primarily targeting content management system (CMS) platforms.
Investigations have revealed that the tool was developed by a programmer based in Ankara, Turkey. A dedicated Telegram channel with approximately 500 members shares reports of breaches, stolen data, and other outcomes of illicit activities.
Furthermore, researchers discovered another malicious tool linked to Acunetix. Login portals in Chinese and legacy SSL certificates from Acunetix confirm the use of cracked versions of the software.
The use of Chinese in the login portals points to potential involvement by groups like APT41, previously associated with Acunetix-based attacks. APT41’s activities have included phishing campaigns, SQL injection exploitation, and cyber-espionage operations.
Experts from Silent Push, in collaboration with Invicti (the developer of Acunetix), confirmed that the legitimate version of Acunetix remains secure. The primary threat stems from the misuse of cracked versions of the software. Silent Push has also provided data on the infrastructure of the “Araneida Scanner,” including domains and IP addresses, to help organizations safeguard against these attacks.
This case highlights the significant risks posed by the unauthorized use of cybersecurity platforms. Tools designed to defend against threats can become formidable weapons in the hands of cybercriminals.
The connection between the “Araneida Scanner,” its Turkish developer, and potential links to Chinese threat actors underscores the critical need for international collaboration and information sharing to combat such threats effectively.