A new report by the Cybersecurity and Infrastructure Security Agency disclosed the existence of a new backdoor malware called Whirlpool that a malicious cyber group deployed in the recent breaches targeting Barracuda Email Security Gateway devices, BleepingComputer reports.
According to CISA, Whirlpool is the third malware that was used in the Barracuda ESG attacks by the suspected pro-China hacker group UNC4841, joining previously unknown backdoors Saltwater and SeaSpy.
"The malware takes two arguments (C2 IP and port number) from a module to establish a Transport Layer Security (TLS) reverse shell," the report said.
CISA also recently reported on another previously unknown backdoor dubbed Submarine that was found in the SQL database of breached Barracuda ESG devices and which gave the threat actors persistence, root access, and command and control communications capabilities.
Barracuda responded to the incident by offering replacement devices to affected customers, indicating that the severity of the attack was much higher than earlier thought.
BleepingComputer reports that an expanded Xenomorph malware campaign, leveraging an updated version of the Android banking trojan, is mostly targeting users of several U.S. financial institutions and numerous cryptocurrency apps, and has also set its sights on users in Canada, Italy, Spain, Belgium, and Portugal.