Cloud Security, Vulnerability Management

Hacked Emby user media servers shut down

An undisclosed number of user-hosted Emby media server instances that were compromised with a malicious plugin in recent attacks have been shut down, reports BleepingComputer. Internet-exposed private Emby servers have been targeted since mid-May, with threat actors exploiting a known proxy header security flaw to obtain access to admin servers and later deploy a plugin meant to exfiltrate all user credentials in hacked servers, according to Emby. "After careful analysis and evaluation of possible strategies for mitigation, the Emby team was able to push out an update to Emby Server instances which is able to detect the plugin in question and prevents it from being loaded. Due to the severity and the nature of this situation and in an abundance of caution we are preventing affected servers to start up again after the detection," noted Emby, which also recommended the immediate removal of the helper.dll or EmbyHelper.dll files, as well as the addition of the "emmm.spxaebjhxtmddsri.xyz 127.0.0.1" line to the hosts file to block the malware's access to the threat actors' server.
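A check for the two remediation steps above, as an added Python example that is not code from Emby or from the article. It matches the two DLL names by file name only and reports whether the hosts file actually sinkholes the domain; a hosts entry only takes effect when the address is the first field, so a line written with the domain first is reported as `reversed`. The directory layout and hosts text in the demo are constructed.

```python
import ipaddress
import os
import tempfile

# File names and domain are the ones named in the article.
PLUGIN_NAMES = {"helper.dll", "embyhelper.dll"}
BLOCK_DOMAIN = "emmm.spxaebjhxtmddsri.xyz"


def find_plugin_files(root):
    """Return paths under root whose file name matches, ignoring case."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if f.lower() in PLUGIN_NAMES]
    return sorted(hits)


def _is_loopback(token):
    try:
        return ipaddress.ip_address(token).is_loopback
    except ValueError:
        return False


def hosts_status(hosts_text, domain=BLOCK_DOMAIN):
    """'blocked': loopback address first, then the domain (entry takes effect);
    'reversed': domain written before the address (entry is ignored);
    'missing': no entry for the domain."""
    status = "missing"
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].lower().split()  # drop comments
        if len(fields) < 2:
            continue
        if _is_loopback(fields[0]) and domain in fields[1:]:
            return "blocked"
        if fields[0] == domain and any(_is_loopback(f) for f in fields[1:]):
            status = "reversed"
    return status


if __name__ == "__main__":
    # Constructed sample data: a throwaway directory tree and hosts text.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "plugins"))
        for name in ("EmbyHelper.dll", "Other.dll"):
            open(os.path.join(root, "plugins", name), "w").close()
        print(find_plugin_files(root))
    print(hosts_status("127.0.0.1 localhost\n" + BLOCK_DOMAIN + " 127.0.0.1\n"))
    print(hosts_status("127.0.0.1 " + BLOCK_DOMAIN + "\n"))
```

Point `find_plugin_files` at the server's own plugin directory and pass `hosts_status` the contents of the system hosts file; a name match is a lead to investigate, not proof of compromise.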
