Attackers targeting unpatched Cisco kit notice malware implant removal, install it again
Rebooting an infected device removes BADCANDY, the ASD says, but warns that “rebooting will not reverse additional actions taken by the threat actor and will not remedy the initial vulnerability exploited to gain access.”
“ASD believes actors are able to detect when the BADCANDY implant is removed and are re-exploiting the devices,” the advisory states. “This further highlights the need to patch against CVE-2023-20198 to avoid re-exploitation.” – Simon Sharwood
To read the complete article, see The Register.
This post is licensed under CC BY 4.0 by the author.