A previously undocumented Python backdoor targeting VMware ESXi servers has been spotted, enabling hackers to execute commands remotely on a compromised system.
VMware ESXi is a virtualization platform commonly used in the enterprise to host numerous servers on one device while using CPU and memory resources more effectively.
The new backdoor was discovered by Juniper Networks researchers, who found the backdoor on a VMware ESXi server. However, they could not determine how the server was compromised due to limited log retention.
They believe the server may have been compromised using the CVE-2019-5544 and CVE-2020-3992 vulnerabilities in ESXi’s OpenSLP service.
While the malware is technically capable of targeting Linux and Unix systems, too, Juniper’s analysts found multiple indications it was designed for attacks against ESXi.