{"id":49001,"date":"2022-10-24T12:50:52","date_gmt":"2022-10-24T12:50:52","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/33964\/VMware-Bug-With-9.8-Severity-Rating-Exploited-To-Install-Witchs-Brew-Of-Malware.html"},"modified":"2022-10-24T12:50:52","modified_gmt":"2022-10-24T12:50:52","slug":"vmware-bug-with-9-8-severity-rating-exploited-to-install-witchs-brew-of-malware","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/vmware-bug-with-9-8-severity-rating-exploited-to-install-witchs-brew-of-malware\/","title":{"rendered":"VMware Bug With 9.8 Severity Rating Exploited To Install Witch&#8217;s Brew Of Malware"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2015\/08\/hacked-640x438.jpg\" alt=\"Image of ones and zeros with the word \"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<p>Hackers have been exploiting a now-patched vulnerability in VMware Workspace ONE Access in campaigns to install various ransomware and cryptocurrency miners, a researcher at security firm Fortinet said on Thursday.<\/p>\n<p>CVE-2022-22954 is a remote code-execution vulnerability in VMware Workspace ONE Access that 
carries a severity rating of 9.8 out of a possible 10. VMware <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2022-0011.html\">disclosed and patched<\/a> the vulnerability on April 6. Within 48 hours, hackers reverse-engineered the update and developed a working exploit that they then used to <a href=\"https:\/\/arstechnica.com\/information-technology\/2022\/05\/2-vulnerabilities-with-9-8-severity-ratings-are-under-exploit-a-3rd-looms\/\">compromise servers<\/a> that had yet to install the fix. VMware Workspace ONE Access helps administrators configure a suite of apps employees need in their work environments.<\/p>\n<p>In August, researchers at FortiGuard Labs saw a sudden spike in exploit attempts and a major shift in tactics. Whereas before the hackers installed payloads that harvested passwords and collected other data, the new surge brought something else\u2014specifically, ransomware known as RAR1ransom, a cryptocurrency miner known as GuardMiner, and Mirai, software that corrals Linux devices into a massive botnet for use in distributed denial-of-service attacks.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/10\/exploit-activity.png\" class=\"enlarge\" data-height=\"406\" data-width=\"804\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/10\/exploit-activity-640x323.png\" width=\"640\" height=\"323\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/10\/exploit-activity.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-credit\">FortiGuard<\/div>\n<\/figcaption><\/figure>\n<p>\u201cAlthough the critical vulnerability CVE-2022-22954 is already patched in April, there are still multiple malware campaigns trying to exploit it,\u201d FortiGuard Labs researcher Cara Lin <a 
href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/multiple-malware-campaigns-target-vmware-vulnerability\">wrote<\/a>. Attackers, she added, were using it to inject a payload and achieve remote code execution on servers running the product.<\/p>\n<p>The Mirai sample Lin saw getting installed was downloaded from http[:]\/\/107[.]189[.]8[.]21\/pedalcheta\/cutie[.]x86_64 and relied on a command-and-control server at cnc[.]goodpackets[.]cc. Besides delivering junk traffic used in DDoSes, the sample also attempted to infect other devices by guessing the administrative password they used. After decoding strings in the code, Lin found the following list of credentials the malware used:<\/p>\n<div class=\"cmp cmp-text aem-GridColumn--default--none aem-GridColumn--default--9 aem-GridColumn aem-GridColumn--offset--default--3\">\n<p>In what appears to be a separate campaign, attackers also exploited CVE-2022-22954 to download a payload from 67[.]205[.]145[.]142. The payload included seven files:<\/p>\n<ul>\n<li>phpupdate.exe: Xmrig Monero mining software<\/li>\n<li>config.json: Configuration file for mining pools<\/li>\n<li>networkmanager.exe: Executable used to scan and spread infection<\/li>\n<li>phpguard.exe: Executable that guards the Xmrig miner to keep it running<\/li>\n<li>init.ps1: Script that sustains persistence by creating a scheduled task<\/li>\n<li>clean.bat: Script file to remove other cryptominers on the compromised host<\/li>\n<li>encrypt.exe: RAR1 ransomware<\/li>\n<\/ul>\n<p>In the event RAR1ransom has never been installed before, the payload would first run the encrypt.exe executable file. The file drops the legitimate WinRAR data compression executable in a temporary Windows folder. The ransomware then uses WinRAR to compress user data into password-protected files.<\/p>\n<p>The payload would then start the GuardMiner attack. GuardMiner is a cross-platform mining Trojan for the Monero currency. It has been active since 2020.<\/p>\n<p>The attacks underscore the importance of installing security updates in a timely manner. 
Anyone who has yet to install VMware\u2019s April 6 patch should do so at once.<\/p>\n<\/div>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/33964\/VMware-Bug-With-9.8-Severity-Rating-Exploited-To-Install-Witchs-Brew-Of-Malware.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":49002,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[8168],"class_list":["post-49001","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinemalwareflaw"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49001","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=49001"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49001\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/49002"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=49001"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=49001"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=49001"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}