Researchers have identified a new malware family that was designed to backdoor and create persistence on VMware ESXi servers by leveraging legitimate functionality the hypervisor software supports. According to researchers from Mandiant who found and analyzed the backdoors, they were packaged and deployed on infected servers as vSphere Installation Bundles (VIBs). VIBs are software packages used to distribute components that extend VMware ESXi functionality. The malicious VIBs provided hackers with remote command execution and persistence capabilities on the servers and the ability to execute commands on the guest virtual machines running on the servers.
Related Post
- June 8, 2025
Malicious Browser Extensions Infect 722 Users Across Latin
Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users
- June 6, 2025
Friday Squid Blogging: Squid Run in Southern New
Southern New England is having the best squid run in years. As usual, you can also use this squid post
- June 6, 2025
Hearing on the Federal Government and AI
On Thursday I testified before the House Committee on Oversight and Government Reform at a hearing titled “The Federal Government
- June 6, 2025
New Atomic macOS Stealer Campaign Exploits ClickFix to
Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into