Researchers have identified a new malware family designed to backdoor VMware ESXi servers and establish persistence on them by leveraging legitimate functionality that the hypervisor software supports. According to the Mandiant researchers who found and analyzed the backdoors, they were packaged and deployed on infected servers as vSphere Installation Bundles (VIBs). VIBs are software packages used to distribute components that extend VMware ESXi functionality. The malicious VIBs gave hackers remote command execution and persistence capabilities on the servers, as well as the ability to execute commands on the guest virtual machines running on those servers.
- September 30, 2022
- by CDA News Team