Critical VMware Vulnerability Being Used to Drop Ransomware and Miners

Critical vulnerability CVE-2022-22954, first publicized in April with a criticality score of 9.8, has recently been exploited in multiple malware campaigns. Fortinet recently published its findings on three malware families delivered in these campaigns: Mirai, RAR1Ransom, and GuardMiner.

The Mirai variant analyzed deploys Denial of Service (DoS) and brute-force attacks using pre-configured, commonly used passwords, as well as default credentials for well-known IoT devices. RAR1Ransom and GuardMiner are distributed by means of a PowerShell script or a shell script, depending on the victim's operating system. RAR1Ransom is known for leveraging the legitimate WinRAR tool to lock files in password-protected archives, effectively holding its victims' data for ransom. GuardMiner, meanwhile, is a cross-platform mining Trojan that has been active for at least two years and harvests system resources to mine cryptocurrency.

VMware patched this vulnerability in April, yet active exploitation is still underway in the wild. It is imperative that your organization patches its infrastructure regularly and monitors the environment for suspicious processes.
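As an added illustration of what "on the lookout for suspicious processes" can mean in practice, the following Python script (written for this page, not taken from Fortinet's report or from any vendor tool) runs two simple heuristics over a constructed list of process command lines: a WinRAR/rar invocation that creates a password-protected archive, which is the tool-abuse pattern attributed to RAR1Ransom above, and a process whose command line points at a mining-pool endpoint, which is the resource-theft pattern attributed to GuardMiner. The sample process records, the rule names and the pool hostname are all constructed; the `a`, `-p` and `-hp` switches are real WinRAR command-line options, and `stratum+tcp://` is the scheme most mining pools are reached over.

```python
"""Heuristic process triage for the two behaviours described above.

Added example, not code from the original post. Sample process records
are constructed, not captured from a real host.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Finding:
    pid: int
    rule: str
    cmdline: str


# WinRAR's "a" command adds files to an archive; "-p<pwd>" sets a password
# and "-hp<pwd>" additionally encrypts the archive headers (real switches).
RAR_BIN = re.compile(r'(^|[\\/\s"])(rar|winrar)(\.exe)?\b', re.IGNORECASE)
RAR_ADD = re.compile(r"(^|\s)a(\s|$)", re.IGNORECASE)
RAR_PWD = re.compile(r"(^|\s)-h?p\S+", re.IGNORECASE)

# Mining pools are commonly reached over the stratum protocol; a process
# handed such a URL on its command line is worth a look (heuristic).
POOL_URL = re.compile(r"stratum\+(tcp|ssl)://", re.IGNORECASE)


def check_process(pid: int, cmdline: str) -> List[Finding]:
    """Return the findings (possibly none) raised by one process record."""
    findings: List[Finding] = []

    # Rule 1: legitimate archiver used to build a password-protected archive.
    if RAR_BIN.search(cmdline) and RAR_ADD.search(cmdline) and RAR_PWD.search(cmdline):
        findings.append(Finding(pid, "rar-password-archive", cmdline))

    # Rule 2: command line points at a mining-pool endpoint.
    if POOL_URL.search(cmdline):
        findings.append(Finding(pid, "mining-pool-endpoint", cmdline))

    return findings


def triage(processes: List[Tuple[int, str]]) -> List[Finding]:
    """Run every rule over a (pid, cmdline) list and collect the findings."""
    results: List[Finding] = []
    for pid, cmdline in processes:
        results.extend(check_process(pid, cmdline))
    return results


# Constructed sample: one benign WinRAR extraction, one password-protected
# archive creation, two ordinary processes and one miner-like command line.
SAMPLE_PROCESSES: List[Tuple[int, str]] = [
    (412, r'"C:\Program Files\WinRAR\WinRAR.exe" x archive.rar'),
    (913, r'"C:\Program Files\WinRAR\rar.exe" a -hpQWERTY123 -r D:\Data\docs.rar D:\Data\*'),
    (1201, "/usr/bin/python3 /opt/app/server.py"),
    (1377, "/tmp/.x/kthreadd -o stratum+tcp://pool.example.invalid:3333 -u wallet-placeholder"),
    (1402, "powershell.exe -NoProfile -Command Get-Process"),
]


if __name__ == "__main__":
    for f in triage(SAMPLE_PROCESSES):
        print(f"pid={f.pid} rule={f.rule} cmdline={f.cmdline}")
```

Feed `triage()` the output of whatever process inventory you already collect (an EDR export, `Get-Process` with command lines, `ps -eo pid,args`), and extend the rule list as your own telemetry dictates; the point is that both families described above are visible as ordinary processes with telling command lines, so a periodic sweep catches them even when the initial intrusion vector went unnoticed.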

The original vulnerability is tracked here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22954
To read Fortinet’s report on these recent campaigns, visit: https://www.fortinet.com/blog/threat-research/multiple-malware-campaigns-target-vmware-vulnerability
