Pulse Secure VPN devices are currently being targeted by four new malware tools. Some experts and other security researchers claimed that this new malicious equipment can exploit a dangerous vulnerability that has a severity score of ten CVSS (Common Vulnerability Scoring System).

Experts Claim Pulse Secure VPN Devices are Targeted by Four New Malware Tools
(Photo : Photo by David McNew/Getty Images)
People in the audience are illuminated by the screens of their laptop computers during the Sony press conference on the eve of the Electronic Entertainment Expo (E3) on June 4, 2012 in Los Angeles, California. E3 is the most important yearly trade show the USD 78.5 billion videogame industry.

"Mandiant is currently tracking 12 malware families associated with the exploitation of Pulse Secure VPN devices," said the involved security researchers. 

"These families are related to the circumvention of authentication and backdoor access to these devices, but they are not necessarily related to each other and have been observed in separate investigations," added Mandiant's security experts. 

This information was confirmed by FireEye's Mandiant cyber forensics team. To give you more ideas, here are other details of the four new malware tools. 

Pulse Secure VPN at Risk of CVE-2021-22893

According to ZDNet's latest report, the involved experts claimed that the new malware tools can exploit this major vulnerability called CVE-2021-22893. They added that this major vulnerability has a severity score of 10 CVSS.

On the other hand, experts also explained that this exploit is described as an authentication bypass, which could affect Pulse Connect Secure. 

Experts Claim Pulse Secure VPN Devices are Targeted by Four New Malware Tools
(Photo : Photo by Adam Berry/Getty Images)
A particpant checks a circuit board next to an oscilloscope on the first day of the 28th Chaos Communication Congress (28C3) - Behind Enemy Lines computer hacker conference on December 27, 2011 in Berlin, Germany. 

Also Read: Belgium Ministry's Entire Computer System, Volunteer Service Abroad Breached by Two Massive Ransomware Attacks

What makes this exploit very serious is that it can allow unauthenticated attackers to perform remote arbitrary code execution (RCE). Aside from these, Mandiant's security team also confirmed that the four new malware tools can also send other security flaws, such as CVE-2019-11510, CVE-2020-8260, and CVE-2020-8243. 

Right now, various hackers are developing and improving different kinds of computer viruses, malware, and ransomware, such as the latest Panda malware and the new AndroidOS/MalLocker.B ransomware.  

Affected Credentials 

On the other hand, FireEye's official website confirmed that the four new malicious technologies can steal sensitive credentials from the Pulse Secure VPN devices. 

One of the most important information it can acquire is the user's Pulse Secure VPN login. However, the security firm hasn't released other details if there are other credentials that can be stolen. 

Here are the exact new malware tools that you need to know: 

  • Rapidpulse (A webshell that exists as a modification) 
  • Bloodmine (This malicious equipment can access PSC log files and acquire logins, message IDs, and web requests) 
  • Bloodbank (Designed for credential theft and parses files containing password hashes or plaintext credentials) 
  • Cleanpulse (A memory patching tool for preventing specific log events)

For more news updates about malware-related stories, always keep your tabs open here at TechTimes.  

Related Article: Microsoft Says SolarWinds Hackers Are Attacking More Government Agencies, NGOs Globally

This article is owned by TechTimes

Written by: Griffin Davis

ⓒ 2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.