Post

VMware virtual machines under attack: hackers may have exploited zero-day for months

Broadcom has warned about severe zero-day vulnerabilities affecting VMware software, which is widely used to power virtual machines. China-linked hackers may have been exploiting the flaws for months or even years to silently elevate their privileges inside affected virtual machines to administrator (root) level.

VMware Tools, the management agent that runs inside each guest VM, includes a service discovery feature that scans the VM at regular intervals (every 5 minutes) to identify the programs that are running and their versions. To read a version, the scanner executes the discovered program itself, and it does so with the privileges of the agent, that is, as root.

An unprivileged attacker with a foothold in the VM can abuse this by planting a fake program whose path looks, to the scanner, like a legitimate service. The next time the scanner runs, it picks up the fake program and executes it with administrative privileges to check its version. Instead of returning version information, the malicious program is now running as root and can do anything: install backdoors, steal data and, ultimately, take full control of the system.

For example, the China-linked hackers observed exploiting this store their binaries as /tmp/httpd, a file name normally used by the Apache HTTP daemon (a web server). The VMware service discovery, looking for a web server, picks up the planted binary and runs it with elevated privileges; the escalation is an unintended side effect of how loosely the scanner matches the programs it is meant to inventory.
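The mechanism described in the last two paragraphs, reduced to a runnable shell model. This is an added example, not code from the article or from VMware: the process list, the match patterns and the allow-listed paths are constructed for the illustration, and the version probe only prints the path it would execute instead of running it.

```shell
#!/bin/sh
# Added example (not from the article or from VMware): a minimal model of a
# privileged service-discovery scanner that identifies a running web server by
# the path of its executable and then runs that executable to read its version.
# A match anchored only on the file name is what lets an unprivileged user's
# /tmp/httpd be executed as root; the hardened policy shows the check a scanner
# should make before executing anything.

# Constructed stand-in for the process list a real scanner would build from
# /proc/<pid>/exe: two legitimate system daemons and one attacker-planted file.
PROCESS_EXES="/usr/sbin/sshd /usr/sbin/httpd /tmp/httpd"

# Vulnerable policy: "anything whose file name is httpd is the web server".
# Returns 0 (selected) for /usr/sbin/httpd and for /tmp/httpd alike.
vulnerable_pick_httpd() {
    case "$1" in
        */httpd) return 0 ;;
        *)       return 1 ;;
    esac
}

# Hardened policy: only absolute paths under root-owned system directories are
# ever executed (allow list; the entries here are assumptions for the example).
# Anything in /tmp, /home, /var/tmp or another user-writable location is
# rejected before it is run.
hardened_pick_httpd() {
    case "$1" in
        /usr/sbin/httpd|/usr/local/apache2/bin/httpd|/usr/sbin/apache2) return 0 ;;
        *) return 1 ;;
    esac
}

# A real scanner would now run "$1 -v" as root. We only emulate the decision,
# so the path is printed instead of executed.
probe_version() {
    printf '%s\n' "$1"
}

# Apply a selection policy to every running process and print the binaries the
# scanner would hand to probe_version, i.e. execute with root privileges.
scan_with_policy() {
    policy="$1"
    for exe in $PROCESS_EXES; do
        if "$policy" "$exe"; then
            probe_version "$exe"
        fi
    done
}

echo "vulnerable policy would execute as root:"
scan_with_policy vulnerable_pick_httpd
echo "hardened policy would execute as root:"
scan_with_policy hardened_pick_httpd
```

Tightening the match closes this particular hole, but the deeper design problem is executing discovered binaries as root at all; a scanner that reads versions from package metadata, or runs its probes under a dedicated unprivileged account, has no such path to escalation.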

To read the complete article see: Cybernews

This post is licensed under CC BY 4.0 by the author.