"New Python Malware Backdoors VMware ESXi Servers for Remote Access"

A previously unknown Python backdoor targeting VMware ESXi servers has been discovered, allowing hackers to remotely execute commands on a compromised system. VMware ESXi is a virtualization platform that is commonly used in the enterprise environment to host multiple servers on a single device while making better use of CPU and memory resources. Juniper Networks researchers discovered the new backdoor while exploring a VMware ESXi server. However, due to limited log retention, they could not determine how the server was compromised. They suspect the server was compromised by exploiting the CVE-2019-5544 and CVE-2020-3992 vulnerabilities in ESXi's OpenSLP service. Although the malware can target Linux and Unix systems, Juniper's analysts discovered multiple indications that it was designed for ESXi attacks. This article continues to discuss the new Python backdoor targeting VMware ESXi servers.

Bleeping Computer reports "New Python Malware Backdoors VMware ESXi Servers for Remote Access"