Researchers have identified a new malware family that was designed to backdoor and create persistence on VMware ESXi servers by leveraging legitimate functionality the hypervisor software supports. According to researchers from Mandiant who found and analyzed the backdoors, they were packaged and deployed on infected servers as vSphere Installation Bundles (VIBs). VIBs are software packages used to distribute components that extend VMware ESXi functionality. The malicious VIBs provided hackers with remote command execution and persistence capabilities on the servers and the ability to execute commands on the guest virtual machines running on the servers.
- September 30, 2022
- by CDA News Team