Researchers have identified a new malware family designed to backdoor VMware ESXi servers and establish persistence on them by leveraging legitimate functionality that the hypervisor software supports. According to the Mandiant researchers who found and analyzed the backdoors, they were packaged and deployed on infected servers as vSphere Installation Bundles (VIBs). VIBs are software packages used to distribute components that extend VMware ESXi functionality. The malicious VIBs gave hackers remote command execution and persistence capabilities on the servers, as well as the ability to execute commands on the guest virtual machines running on those servers.
- September 30, 2022
- by CDA News Team