VoIP phones using Digium’s software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads.
« The malware installs multilayer obfuscated PHP backdoors to the web server’s file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system, » Palo

VoIP phones using Digium’s software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads.
« The malware installs multilayer obfuscated PHP backdoors to the web server’s file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system, » Palo