Cado Security announced new research on an emerging malware campaign. The campaign predominantly targets misconfigured, web-facing servers running Apache Hadoop YARN, Confluence, Docker or Redis.
The research shows the exploitation of not just one service but multiple services commonly used in the cloud. It further demonstrates malicious actors' intentions to leverage security research in their attacks and to employ the Platypus reverse shell to sustain access.