Cybercriminals Exploit Cracked Acunetix Scanner for Malicious Attacks
Araneida operates as a noisy scanner capable of conducting offensive reconnaissance across various websites. Threat actors are leveraging the tool to identify weaknesses in content management systems (CMS), collect user credentials, and prepare for large-scale exploits. Silent Push identified Araneida in action during an aggressive scan of a partner’s website, which prompted further investigation.
“Araneida was recently used in a reconnaissance effort against one of our partners, which initiated our current investigation,” the report noted. The scanner’s code reveals its reliance on cracked Acunetix software, a troubling example of how legitimate tools can be weaponized when pirated.
The creators and users of Araneida are not operating in the shadows—they actively promote their activities on platforms like Telegram. Silent Push uncovered a channel with nearly 500 members where admins provide guidance for malicious use and sell stolen credential sets. These bad actors boast of compromising over 30,000 websites in six months, using ill-gotten funds to purchase luxury cars, and celebrating their success in disrupting technology websites.
During their investigation, analysts found multiple instances of Araneida-hosted services using legacy Acunetix SSL certificates. These certificates provided a critical pivot for identifying associated infrastructure, including Chinese-language panels suspected of operating on similar cracked Acunetix software.
Silent Push also engaged Invicti, the company behind Acunetix, to confirm the misuse of its tool. Invicti verified that these incidents were isolated and did not affect legitimate Acunetix customers.
The misuse of Acunetix is not new. Over the years, multiple threat actors, including advanced persistent threat (APT) groups like APT41, have utilized the scanner in offensive operations. In 2020, Iranian APT actors were reported using Acunetix to target U.S. election websites, while in 2024, APT41 was highlighted for using the tool in reconnaissance efforts.