Researchers have identified a new malware family that was designed to backdoor and create persistence on VMware ESXi servers by leveraging legitimate functionality the hypervisor software supports. According to researchers from Mandiant who found and analyzed the backdoors, they were packaged and deployed on infected servers as vSphere Installation Bundles (VIBs). VIBs are software packages used to distribute components that extend VMware ESXi functionality. The malicious VIBs provided hackers with remote command execution and persistence capabilities on the servers and the ability to execute commands on the guest virtual machines running on the servers.
Related Post
- August 4, 2025
First Sentencing in Scheme to Help North Koreans
An Arizona woman was sentenced to eight-and-a-half years in prison for her role helping North Korean workers infiltrate US companies
- August 4, 2025
The Wild West of Shadow IT
Everyone’s an IT decision-maker now. The employees in your organization can install a plugin with just one click, and they
- August 4, 2025
PlayPraetor Android Trojan Infects 11,000+ Devices via Fake
Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices,
- August 2, 2025
CL-STA-0969 Installs Covert Malware in Telecom Networks During
Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control