“The malware installs multilayer obfuscated PHP backdoors to the web server’s file system, downloads new payloads for execution and schedules recurring tasks to re-infect the host system,” the report states. “Moreover, the malware implants a random junk string to each malware download in an attempt to evade signature defenses based on indicators of compromise (IoCs).” While Unit 42 doesn’t state if businesses or users were affected by the malware attack, it’s worth noting that malware attacks can spread to a selection of devices — not only through malware-infested Android apps or spyware on iPhones. To keep your phones and laptops safe, be sure to check out the best antivirus apps. And, for a better look at the different types of malicious attacks, find out the differences between spyware and stalkerware.
