Unnoticed python backdoor designed to target ESXi server
Juniper Threat Lab has discovered two active vulnerabilities being exploited in the wild. CVE-2019-5544 and CVE-2020-3992, both vulnerabilities belonging to ESXI's OpenSLP service, have been used since 2019 to implant backdoors in VMware ESXi virtualization servers.
VMware ESXi is an enterprise-class hypervisor developed by VMware. This is a bare metal hypervisor. That is, it runs directly on your system hardware without the need for an operating system. You can run multiple virtual machines on a single physical hardware.
While investigating a compromised host, JTL uncovered a simple but powerful backdoor Python script, but with limited log storage on the server, JTL Labs had no idea how the server was compromised. It is unknown whether
"Although the Python scripts used in this attack are cross-platform and can be used on Linux or other UNIX-like systems with little or no modification, there are some indications that this attack was designed specifically for ESXi. I have. The file name and location /store/packages/vmtools.py were chosen to give little suspicion to the virtualization host. This file begins with a VMware copyright that matches a publicly available sample and is extracted letter by letter from an existing Python file provided by VMware." JTL posted.
Subscribe to:
Post Comments (Atom)
The Hidden Payload: PUP Ads Used for Silent Malware Drops
Hackers Exploit PUP Advertisements to Silently Drop Windows Malware Cybersecurity investigators have uncovered a stealthy campaign in whi...
-
Critical Ingress NGINX Controller Vulnerabilities Expose Kubernetes Clusters to Remote Code Execution A set of five critical security vuln...
-
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp A suspected Russian hacking group known as Wate...
-
https://www.securityweek.com VMware Urges Immediate Updates for Critical Cloud and Virtualization Vulnerabilities Broadcom-owned VMware is...
No comments:
Post a Comment