Security News > 2021 > July > CISA warns of stealthy malware found on hacked Pulse Secure devices
The U.S. Cybersecurity and Infrastructure Security Agency released an alert today about more than a dozen malware samples found on exploited Pulse Secure devices that are largely undetected by antivirus products.
Today, CISA published analysis reports for 13 malware pieces, some of them comprised of multiple files, found on compromised Pulse Secure devices.
All the files that CISA analyzed were found on compromised Pulse Connect Secure devices and some of them were modified versions of legitimate Pulse Secure scripts.
For one of the malware samples, CISA notes it is a "Modified version of a Pulse Secure Perl Module" namely DSUpgrade.
In another case, the threat actor modified a Pulse Secure system file to steal credential data from users that logged in successfully.
Most of the files that CISA found on hacked Pulse Secure devices were undetected by antivirus solutions at the time of the analysis; and only one of them was present on the VirusTotal file scanning platform, added two months ago and detected by one antivirus engine as a variant of ATRIUM webshell.