Known VMware flaw abused to distribute ransomware

Last updated: 2022/10/25 at 3:53 PM

When it comes to abusing a known flaw in VMware Workspace One Access, threat actors have decided to up the ante, bringing ransomware into the mix.

A report from Fortinet, which observed the change in attacks in August this year, noted a new flaw in VMware’s product – a remote code execution vulnerability due to server-side template injection.

The flaw was tracked as CVE-2022-22954, and it was quickly discovered that a known threat actor – APT35 (AKA Rocket Kitten) – was using it. A month later, EnemyBot jumped on the bandwagon, too. Different threat actors were abusing the flaw to deploy the Mirai botnet for DDoS attacks, or GuardMiner to mine cryptocurrencies for the attackers.

Enter RAR1Ransom

Now, Fortinet has observed the flaw being used to deploy the RAR1Ransom tool. BleepingComputer describes it as a “simple ransomware tool” that abuses WinRAR to compress the victim’s files and lock them with a password. Once it completes the task, it gives all locked files the .rar1 extension. To obtain the password, victims need to pay 2 XMR – or roughly $290.

It’s worth mentioning that this is not a “classic” ransomware variant, as it doesn’t actually encrypt the files – it just locks them in a password-protected archive. 
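Because every locked file ends up with the .rar1 extension, a burst of such files on one host is a usable detection signal. The sketch below is an added example, not code from Fortinet, BleepingComputer or this article; the log format, host names, threshold and time window are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed file-creation events: "<ISO timestamp> <host> <path>" (assumed format).
SAMPLE_EVENTS = r"""
2022-10-25T10:00:01 ws-01 C:\Users\a\Documents\report.docx.rar1
2022-10-25T10:00:02 ws-01 C:\Users\a\Documents\budget.xlsx.rar1
2022-10-25T10:00:03 ws-01 C:\Users\a\Pictures\scan.png.rar1
2022-10-25T10:00:04 ws-01 C:\Users\a\Desktop\notes.txt
2022-10-25T10:00:05 ws-01 C:\Users\a\Desktop\plan.pdf.rar1
2022-10-25T10:00:06 ws-02 C:\Temp\backup.RAR1
2022-10-25T11:30:00 ws-02 C:\Temp\old.rar1
2022-10-25T12:00:00 ws-03 C:\Tools\archive.rar
"""


def parse(line):
    """Split one event line into (timestamp, host, path); paths may contain spaces."""
    ts, host, path = line.split(maxsplit=2)
    return datetime.fromisoformat(ts), host, path.strip()


def rar1_bursts(lines, threshold=4, window=timedelta(seconds=60)):
    """Return {host: time of first alert} for hosts that create `threshold`
    or more .rar1 files within a sliding `window`."""
    recent = defaultdict(deque)   # per-host timestamps of recent .rar1 files
    alerts = {}
    for ts, host, path in sorted(parse(l) for l in lines if l.strip()):
        if not path.lower().endswith(".rar1"):
            continue              # ordinary files and plain .rar archives are ignored
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop events that fell out of the window
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts


if __name__ == "__main__":
    for host, when in rar1_bursts(SAMPLE_EVENTS.splitlines()).items():
        print(f"ALERT {host}: .rar1 burst reached threshold at {when.isoformat()}")
```

Two isolated .rar1 files 90 minutes apart on ws-02 do not trigger the alert; only the burst on ws-01 does.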


Fortinet has also found that the XMR address to which victims need to pay is the same as the one used in GuardMiner. 

VMware fixed the remote code execution vulnerability months ago, but it seems that some organizations have yet to patch their endpoints, leaving them vulnerable to a growing set of attacks. It fixed the flaw together with a couple of other vulnerabilities in April, and urged its users not to settle for the workaround it provided at the time:

“Workarounds, while convenient, do not remove the vulnerabilities, and may introduce additional complexities that patching would not,” the company warned. “While the decision to patch or use the workaround is yours, VMware always strongly recommends patching as the simplest and most reliable way to resolve this issue.”


Via: BleepingComputer

October 25, 2022