Security agencies are warning about two malware loaders that exploit chained vulnerabilities in a popular enterprise mobility management solution. Attackers gain unauthenticated remote code execution to perform network discovery, steal credentials, and establish stealthy persistence. The loaders use custom web listeners to decrypt and execute malicious payloads, making detection difficult without specific monitoring for anomalous files and network traffic.
Latest mentioned: 09-19
Earliest mentioned: 09-18