Researchers have identified a new malware family designed to backdoor VMware ESXi servers and maintain persistence on them by leveraging legitimate functionality that the hypervisor software supports. According to the Mandiant researchers who found and analyzed the backdoors, they were packaged and deployed on infected servers as vSphere Installation Bundles (VIBs). VIBs are software packages used to distribute components that extend VMware ESXi functionality. The malicious VIBs gave hackers remote command execution and persistence capabilities on the servers, along with the ability to execute commands on the guest virtual machines running on those servers.
- September 30, 2022
- by CDA News Team