In a concerning development that has cybersecurity experts on high alert, a cracked version of the powerful Acunetix web application vulnerability scanner is being sold under the name “Araneida Scanner” for malicious purposes by cybercriminals. This tool, originally designed as a robust commercial product, is now being marketed as a cloud-based attack instrument on various cybercrime forums and through a Telegram channel boasting nearly 500 subscribers. Cybercriminals are leveraging this unauthorized version to perform offensive reconnaissance on potential target websites, scrape user data, and identify vulnerabilities that can be exploited. Silent Push’s investigation into this issue began after one of their partners faced an aggressive scanning attempt on their website. Following the investigation, the source of the scan was traced back to the “Araneida Customer Panel,” unveiling a widespread operation with dozens of unique addresses hosting the same malicious service.
Operators of the Araneida scanner claim significant success, boasting they have compromised over 30,000 websites within six months and even openly brag about their criminal exploits. These activities include using stolen payment card data to purchase luxury items. Matt Sciberras, Chief Information Security Officer at Invicti Security, confirmed that the cracked version of Acunetix bypasses the requirement for a valid license key, and Invicti is actively working to counter these unauthorized uses.
The consequences of this cracked tool are far-reaching, impacting more than just individual cybercriminals. According to a report from the U.S. Department of Health and Human Services, a similar cracked version of Acunetix is also being utilized by APT 41, a notorious Chinese state-sponsored hacking group. Silent Push researchers have identified at least 20 instances of similar cloud-based vulnerability testing services targeting Mandarin-speaking users, suggesting a potential state-backed operation.
Despite attempts by the operators to hide their activities through the use of proxy servers, the Araneida scanner leaves distinct digital traces. These traces include generating a high volume of requests to various API endpoints and querying random URLs linked with different content management systems.
In light of this growing threat, the cybersecurity community is advised to remain vigilant and implement strong security measures to prevent potential attacks utilizing this cracked tool. This development underscores the need for ongoing cybersecurity vigilance and proactive defense strategies, as the damage from such malicious activities continues to spread across various sectors and regions.