Hackers are exploiting the Shellshock bash vulnerability to infect enterprise Network Attached Storage systems (NAS) with malware. VMware has also issued updates for several of its products to protect against the Shellshock exploit.
FireEye researchers reported the campaign in a blog post warning that the targeted attacks have the potential to offer hackers full access to all data stored on the systems.
"These attacks result in the hackers having a root level remote shell, gaining full access to the contents of the NAS. The observed targets have been primarily located in Japan and Korea with one additional target observed in the US," read the post.
"NAS systems are used by enterprises to store large volumes of files and house databases, as well as by consumers for personal storage. This makes an NAS an attractive target for attackers given the broad types of data they handle. In this case, the attackers can gain full access to the NAS content as well as execute other commands."
The researchers warned that the attacks are doubly dangerous as the hackers install a backdoor on the infected devices, ensuring they have ongoing access to, and power over, the NAS systems.
"An interesting component of the attack is the script also attempts to copy an SSH key to the local authorized_keys file on the NAS device, this allows future password-less log-ins, creating a backdoor for the attacker to the NAS device," read the post.
Shellshock is a flaw in the Bash code used on Unix and Unix-like systems that was uncovered earlier in September. The widespread use of Bash led to concerns that the flaw could be exploited to infect everything from computers, to servers and SCADA systems.
Prior to FireEye's discovery researchers from Zscaler ThreatLabZ reported uncovering evidence that hackers are exploiting Shellshock to install malware on Nginx and Apache web servers.
The seriousness of the bug has led many technology firms to release emergency patch fixes. Most recently VMware reported it is developing a Bash patch for 38 of its virtual appliance products.
After decades of development, virtual reality is finally reaching professional usability
Nintendo sales double and profits balloon by 500 per cent as Shuntaro Furukawa is appointed president
Switch console sold more than 15 million units, while SNES Classic sold more than five million
High-precision measurements of nearly 1.7 billion stars made by Gaia space observatory
Water trapped in asteroids could be the source of the Earth's seas