Your one-stop web resource providing safety and security information to manufacturers

A kit on the mirror system contains a backdoor that allows remote attackers to execute arbitrary PHP code.

Tencent Security Response Center notified developers the distribution contains a malicious file.

Enfal Malware Hits Nuke, Energy Sectors
Over Half Androids have Vulnerabilities
Chrome for Android Fixes Bugs
Profiting off Android Attacks

The affected mirror is cdnetworks-kr-1, with the backdoor located in the server_sync.php file.

Apparently, this isn’t the only corrupt file. The phpMyAdmin development team said a second file, js/cross_framing_protection.js, also underwent modification. The vulnerability is critical.

Cyber Security

Users who downloaded from the mirror should check if the download contains the server_sync.php file.

If the file is present, the users should download the entire distribution once again from a trusted mirror.

Pin It on Pinterest

Share This