Researchers have identified a new malware family that was designed to backdoor and create persistence on VMware ESXi servers by leveraging legitimate functionality the hypervisor software supports. According to researchers from Mandiant who found and analyzed the backdoors, they were packaged and deployed on infected servers as vSphere Installation Bundles (VIBs). VIBs are software packages used to distribute components that extend VMware ESXi functionality. The malicious VIBs provided hackers with remote command execution and persistence capabilities on the servers and the ability to execute commands on the guest virtual machines running on the servers.
Related Post
- April 20, 2025
APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through
The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that’s targeting diplomatic entities
- April 19, 2025
Rogue npm Packages Mimic Telegram Bot API to
Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but
- April 19, 2025
ASUS Confirms Critical Flaw in AiCloud Routers; Users
ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized
- April 18, 2025
Friday Squid Blogging: Live Colossal Squid Filmed
A live colossal squid was filmed for the first time in the ocean. It’s only a juvenile: a foot long.