Necro Python bot now enhanced with new VMWare, server exploits
Latest in cybersecurity.
Operators behind the Necro Python botnet have added new features to their bot, including VMWare and server exploits.
Experts from Cisco Talos have recently observed a new Necro Python bot campaign and noticed that its developers have improved its capabilities.
Researchers noticed that malware authors have added multiple exploits for over 10 different web applications and the SMB protocol. The malicious code includes exploits for vulnerabilities in VMWare vSphere, SCO OpenServer, and the Vesta Control Panel.
The attack chain starts with the exploitation of one of the flaws in the targeted applications or the operating systems. In some cases, experts noticed that attackers used a Java-based downloader for the initial infection stage. The malware could infect bot Linux-based and Windows operating systems, The malware leverages a combination of a standalone Python interpreter and a malicious script, an also ELF executables created with pyinstaller.
via Security Affairs https://ift.tt/2ISWpiN
June 4, 2021 at 11:17AM