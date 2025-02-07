Malware, Vulnerability Management, Threat Intelligence

Sliver malware spread via SimpleHelp RMM exploits


Sliver malware spread by SimpleHelp RMM exploits. (Adobe Stock)

BleepingComputer reports that SimpleHelp Remote Monitoring and Management (RMM) instances vulnerable to CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728 have been exploited to deliver the Sliver post-exploitation framework, which has gained traction as a Cobalt Strike alternative.

According to an analysis from cybersecurity provider Field Effect, the intrusion begins with exploitation of the SimpleHelp RMM vulnerabilities to connect to a targeted endpoint, followed by several discovery commands that collect system and network data, domain controller details, and information about the installed CrowdStrike Falcon agent. The threat actors then secure access to the environment by creating a new admin account and eventually deploying the Sliver malware, which waits for further commands to establish persistence. From there, Field Effect said, the attackers used the same SimpleHelp RMM client and another admin account to compromise the domain controller and distribute a Cloudflare Tunnel disguised as the Windows svchost.exe binary for covert compromise. Immediate remediation of vulnerable SimpleHelp RMM clients has been urged.
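The chain described above leaves three telemetry signals a defender can hunt for: discovery binaries spawned by the RMM client, a process named svchost.exe running from outside the Windows system directories, and a freshly created account being added to the local Administrators group. The following Python is an added example, not code from the article or from Field Effect. It assumes process and Security-log events have already been normalised into the dict keys used below; the events, the SimpleHelp install path, the account name and SIDs are all constructed for illustration, and the specific discovery binaries listed are an assumption about what "discovery commands" usually are, since the article does not name them.

```python
"""Hunting heuristics for the SimpleHelp -> Sliver -> Cloudflare Tunnel chain.

Added example, not part of the article or of Field Effect's analysis. Input
events are assumed to be pre-normalised dicts (see SAMPLE_EVENTS); real EDR
or Sysmon output will need a mapping step that is not shown here.
"""
import ntpath
from dataclasses import dataclass
from typing import List, Optional

# Assumption: the RMM client's image path contains the vendor name. The real
# SimpleHelp install path may differ; adjust to your environment.
RMM_PARENT_MARKERS = ("simplehelp",)

# Assumption: typical Windows discovery binaries. The article only says
# "several discovery commands" were run.
DISCOVERY_BINARIES = {
    "whoami.exe", "net.exe", "net1.exe", "nltest.exe", "ipconfig.exe",
    "systeminfo.exe", "sc.exe", "tasklist.exe", "nslookup.exe",
}

# Only legitimate locations for svchost.exe (lower-cased for comparison).
SYSTEM_SVCHOST = (
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\syswow64\svchost.exe",
)
LOCAL_ADMINS_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators


@dataclass
class Finding:
    rule: str
    event_id: int
    detail: str


def _basename(path: Optional[str]) -> str:
    return ntpath.basename(path or "").lower()


def masquerading_svchost(ev: dict) -> Optional[Finding]:
    """Flag svchost.exe launched from anywhere but the Windows system directories."""
    image = (ev.get("image") or "").lower()
    if _basename(image) == "svchost.exe" and image not in SYSTEM_SVCHOST:
        return Finding("svchost_masquerade", ev["id"],
                       f"svchost.exe launched from {ev['image']}")
    return None


def discovery_from_rmm(ev: dict) -> Optional[Finding]:
    """Flag discovery binaries whose parent is the RMM client."""
    parent = (ev.get("parent_image") or "").lower()
    if any(m in parent for m in RMM_PARENT_MARKERS) and _basename(ev.get("image")) in DISCOVERY_BINARIES:
        return Finding("rmm_discovery", ev["id"],
                       f"{_basename(ev['image'])} spawned by {ev['parent_image']}")
    return None


def new_admin_account(events: List[dict]) -> List[Finding]:
    """Pair Security 4720 (account created) with 4732 (member added to Administrators)."""
    created = {}
    findings = []
    for ev in events:
        if ev.get("event_id") == 4720:
            created[ev["target_sid"]] = ev
        elif (ev.get("event_id") == 4732 and ev.get("group_sid") == LOCAL_ADMINS_SID
              and ev.get("member_sid") in created):
            name = created[ev["member_sid"]]["target_name"]
            findings.append(Finding("new_local_admin", ev["id"],
                                    f"account {name} created and added to Administrators"))
    return findings


def hunt(events: List[dict]) -> List[Finding]:
    """Run every rule over a batch of normalised events and collect findings."""
    findings = []
    for ev in events:
        if ev.get("kind") == "process":
            for rule in (masquerading_svchost, discovery_from_rmm):
                hit = rule(ev)
                if hit:
                    findings.append(hit)
    findings.extend(new_admin_account([e for e in events if e.get("kind") == "security"]))
    return findings


# Constructed sample telemetry; paths, names and SIDs are illustrative only.
SAMPLE_EVENTS = [
    {"id": 1, "kind": "process", "image": r"C:\Program Files\SimpleHelp\agent.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},
    {"id": 2, "kind": "process", "image": r"C:\Windows\System32\nltest.exe",
     "parent_image": r"C:\Program Files\SimpleHelp\agent.exe"},
    {"id": 3, "kind": "process", "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},  # benign, must not fire
    {"id": 4, "kind": "process", "image": r"C:\Users\Public\svchost.exe",
     "parent_image": r"C:\Program Files\SimpleHelp\agent.exe"},
    {"id": 5, "kind": "security", "event_id": 4720,
     "target_sid": "S-1-5-21-0-0-0-1105", "target_name": "svcbackup"},
    {"id": 6, "kind": "security", "event_id": 4732,
     "member_sid": "S-1-5-21-0-0-0-1105", "group_sid": LOCAL_ADMINS_SID},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.rule}] event {f.event_id}: {f.detail}")
```

The svchost path check is deliberately an exact-path allowlist rather than a substring match, so a binary dropped in a folder that merely contains the string "system32" still fires. The account rule keys on SIDs rather than names because the name in the 4732 event is often absent or resolved differently from the 4720 event.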

Related

Widespread Android malware campaign hits India

Over 1,000 malicious apps and nearly 1,000 phone numbers have been leveraged by a single threat actor to facilitate the deployment of about 900 malware samples with similar code and user interface that were primarily aimed at banking app users, a Zimperium report showed.

Novel crypto-targeting SparkCat malware campaign examined

Both Android and iOS versions of SparkCat exploit the Google ML Kit library's optical character recognition model to facilitate the exfiltration of crypto wallet recovery phrase-containing images to attackers' command-and-control server via Rust, a report from Kaspersky revealed.
