An undisclosed number of user-hosted Emby media server instances compromised with a malicious plugin in recent attacks have been shut down, reports BleepingComputer.
Internet-exposed private Emby servers have been targeted since mid-May, with threat actors exploiting a known proxy header security flaw to obtain access to admin servers and later deploy a plugin meant to exfiltrate all user credentials on hacked servers, according to Emby.
"After careful analysis and evaluation of possible strategies for mitigation, the Emby team was able to push out an update to Emby Server instances which is able to detect the plugin in question and prevents it from being loaded. Due to the severity and the nature of this situation and in an abundance of caution we are preventing affected servers to start up again after the detection," noted Emby, which also recommended immediately removing the helper.dll or EmbyHelper.dll files, as well as adding the "emmm.spxaebjhxtmddsri.xyz 127.0.0.1" line to the hosts file to block the malware's access to the threat actors' server.
Hacked Emby user media servers shut down