BlackSquid malware tries to wrap tentacles around web servers and drives

Researchers have discovered a new malware family that uses a set of eight exploits to compromise web servers, network drives and removable drives.


Dubbed BlackSquid, the malware has been observed dropping XMRig cryptominer programs, but attackers could easily use it to deliver other nasty payloads to infected devices, as well as obtain unauthorized access, escalate privileges, steal information, incapacitate hardware and software systems, and more, according to a blog post today by Trend Micro.


“Our telemetry observed the greatest number of attack attempts using BlackSquid in Thailand and the U.S. during the last week of May,” warns blog post author Johnlery Triunfante.


BlackSquid’s arsenal of tools includes the EternalBlue Windows SMB protocol exploit, the DoublePulsar backdoor implant, three ThinkPHP exploits, the Rejetto HTTP File Server flaw CVE-2014-6287, Apache Tomcat vulnerability CVE-2017-12615, and Windows bug CVE-2017-8464. In addition to leveraging the exploits, the ma ..
