Security News > 2021 > June > FreakOut malware worms its way into vulnerable VMware servers

A multi-platform Python-based malware targeting Windows and Linux devices has now been upgraded to worm its way into Internet-exposed VMware vCenter servers unpatched against a remote code execution vulnerability.

FreakOut spreads itself by exploiting a wide range of OS and apps vulnerabilities and brute-forcing passwords over SSH, adding the infected devices to an IRC botnet controlled by its masters.

"Although the bot was originally discovered earlier this year, the latest activity shows numerous changes to the bot, ranging from different command and control communications and the addition of new exploits for spreading, most notably vulnerabilities in VMWare vSphere, SCO OpenServer, Vesta Control Panel and SMB-based exploits that were not present in the earlier iterations of the code," Cisco Talos security researcher Vanja Svajcer said.

While early FreakOut versions were able to exploit only vulnerable versions of Lifearay, Laravel, WebLogic, TerraMaster, and Zend Framework web apps, the latest ones have more than double the number of built-in exploits.

Attackers have previously mass scanned for vulnerable Internet-exposed vCenter servers after security researchers published a proof-of-concept exploit code.

VMware vulnerabilities have also been exploited in the past in ransomware attacks targeting enterprise networks.

News URL

https://www.bleepingcomputer.com/news/security/freakout-malware-worms-its-way-into-vulnerable-vmware-servers/