Critical VMware Vulnerability Exploited To Drop Miners And Ransomware

According to security researchers, hackers are still exploiting the critical VMware vulnerability (CVE-2022-22954) that allows them to drop various malware variants including the RAR1Ransom tool that locks files in password-protected archives. The vulnerability has been actively exploited in April-May, and despite VMware releasing a security update addressing the issue, many systems still remain vulnerable. Recently campaigns that are abusing this bug went through a change from data exfiltration campaigns to dropping miners, file-lockers, and DDoS enlisting from a Mirai variant. Read more...