This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
A new dangerous “Freakout” alias malware campaign has just targeted unpatched Linux workstations that handle Network Attached Storage (NAS) and run some PHP- and Java-listed Web application frameworks.
FreakOut Botnet reappeared for the first time in November 2020 with a fresh range of attacks in January 2021. This malware targets the data storage units of TerraMaster and the web apps built on top of the Zend PHP framework along with the websites running the Liferay portal content management system.
This Pythons-based multi-platform malware that has previously targeted Windows and Linux systems has been updated to make it to internet-exposed VMware vCenter servers that are unpatched against a vulnerability in remote code execution.
This vulnerability in the VMware vCenter plug-in (CVE-2021-21972) for vRealize Operations (vROps) is very noteworthy since it affects the standard installation of the vCenter Server. As revealed by Shodan and BinaryEdge, thousands of unpatched vCenter servers are currently accessible via the Internet.
FreakOut spreads to an IRC botnet managed by masters, exploiting a widespread variety of OS and apps vulnerabilities and demanding passwords over SSH. The key malware features allow operators to launch DDoS attacks, backdoor affected devices, network traffic sniff and steal data, and deploy XMRig miners to mine for Monero.
“Although the bot was originally discovered earlier this year, the latest activity shows numerous changes to the bot, rangin
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: VMware Becomes New Target of FreakOut Malware