New Python malware backdoors VMware ESXi servers for remote access
A previously undocumented Python backdoor targeting VMware ESXi servers has been spotted, enabling hackers to execute commands remotely on a compromised system.
VMware ESXi is a virtualization platform commonly used in the enterprise to host numerous servers on one device while using CPU and memory resources more effectively.
The new backdoor was discovered by Juniper Networks researchers, who found it on a VMware ESXi server.
The script's name and location make Juniper Networks believe that the malware operators intend to target VMware ESXi servers specifically.
"The file begins with a VMware copyright consistent with publicly available examples and is taken character-for-character from an existing Python file provided by VMware."
One of the threat actors' actions observed by Juniper's analysts was changing the ESXi reverse HTTP proxy configuration so that remote connections could reach the planted webserver.