Researchers have identified a new malware family that was designed to backdoor and create persistence on VMware ESXi servers by leveraging legitimate functionality the hypervisor software supports. According to researchers from Mandiant who found and analyzed the backdoors, they were packaged and deployed on infected servers as vSphere Installation Bundles (VIBs). VIBs are software packages used to distribute components that extend VMware ESXi functionality. The malicious VIBs provided hackers with remote command execution and persistence capabilities on the servers and the ability to execute commands on the guest virtual machines running on the servers.
- September 30, 2022
- by CDA News Team