Researchers have identified a new malware family designed to backdoor VMware ESXi servers and maintain persistence on them by leveraging legitimate functionality that the hypervisor software supports. According to the Mandiant researchers who found and analyzed the backdoors, they were packaged and deployed on infected servers as vSphere Installation Bundles (VIBs). VIBs are software packages used to distribute components that extend VMware ESXi functionality. The malicious VIBs gave hackers remote command execution and persistence capabilities on the servers, as well as the ability to execute commands on the guest virtual machines running on those servers.
- September 30, 2022
- by CDA News Team
- Cyber News