Microsoft’s security researchers have uncovered a new tactic used by threat actors to control PHP web shells on Linux servers, leveraging HTTP cookies as a covert control channel to execute remote code.
Rather than exposing command execution through the traditional channels of URL parameters or request bodies, these web shells gate execution on cookie values supplied by the threat actor, which makes them stealthier and harder to detect.
This approach allows attackers to persist on compromised systems via cron jobs, enabling them to maintain a foothold even after initial infection vectors have been mitigated.
According to the Microsoft Defender Security Research Team, this technique highlights the evolving nature of web shell threats and the need for robust security measures to prevent and detect such attacks.
Linux server administrators are advised to remain vigilant, monitoring their systems for suspicious activity and implementing measures to prevent the use of HTTP cookies as a control channel for malicious activities.
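As an added illustration of the detection side (this is not Microsoft's tooling or anything from the original article), the following Python script performs a heuristic static scan of PHP source for the pattern the article describes: cookie-derived data flowing into a code or command sink, or a sink that is only reached after a check on a cookie value. The file contents in `SAMPLES`, the hash placeholder and the sink list are all constructed assumptions for the demonstration.

```python
import re
from dataclasses import dataclass

# Constructed PHP sources used as scanner input; they are not samples from the article.
SAMPLES = {
    # Legitimate use: a cookie selects a language, and the value never reaches a sink.
    "app/session.php": (
        "<?php\n"
        "session_start();\n"
        "$lang = $_COOKIE['lang'] ?? 'en';\n"
        "echo htmlspecialchars($lang);\n"
    ),
    # Cookie-gated and cookie-fed: execution depends on one cookie, payload comes from another.
    "uploads/.cache.php": (
        "<?php\n"
        "$k = $_COOKIE['__sid'];\n"
        "if (md5($k) === 'PLACEHOLDER_HASH') {\n"
        "    @eval(base64_decode($_COOKIE['__d']));\n"
        "}\n"
    ),
    # Cookie-gated only: the command is fixed, but runs only when a cookie is present.
    "admin/tools.php": (
        "<?php\n"
        "if (isset($_COOKIE['mode'])) {\n"
        "    $out = shell_exec('ls -la');\n"
        "}\n"
    ),
}

# PHP functions that evaluate code or run commands (assumed list, extend as needed).
SINKS = ("eval", "assert", "system", "exec", "shell_exec", "passthru", "popen", "proc_open")
SINK_RE = re.compile(r"\b(" + "|".join(SINKS) + r")\s*\(")
ASSIGN_RE = re.compile(r"^\s*\$(\w+)\s*=(?!=)")          # "$var = ..." (not "==")
COND_RE = re.compile(r"\b(if|elseif|while|switch)\s*\(")


@dataclass
class Finding:
    path: str
    line: int
    sink: str
    severity: str
    reason: str


def _mentions_cookie(text, tainted):
    """True if text references $_COOKIE directly or a variable derived from it."""
    if "$_COOKIE" in text:
        return True
    return any(re.search(r"\$" + re.escape(v) + r"\b", text) for v in tainted)


def scan_php(path, src):
    """Line-oriented scan of one PHP file; returns cookie-related sink findings."""
    findings = []
    tainted = set()      # variables assigned from $_COOKIE or from another tainted variable
    cookie_gate = False  # a conditional on cookie data was seen earlier in this file
    for no, line in enumerate(src.splitlines(), 1):
        m = ASSIGN_RE.match(line)
        if m and _mentions_cookie(line[m.end():], tainted):
            tainted.add(m.group(1))
        if COND_RE.search(line) and _mentions_cookie(line, tainted):
            cookie_gate = True
        for s in SINK_RE.finditer(line):
            args = line[s.end():]
            if _mentions_cookie(args, tainted):
                findings.append(Finding(path, no, s.group(1), "high",
                                        "cookie-controlled data reaches a code/command sink"))
            elif cookie_gate:
                findings.append(Finding(path, no, s.group(1), "medium",
                                        "sink executes only after a cookie-value check"))
    return findings


def scan_all(files):
    """Scan a mapping of path -> PHP source and return findings per path."""
    return {path: scan_php(path, src) for path, src in files.items()}


if __name__ == "__main__":
    for path, fs in scan_all(SAMPLES).items():
        for f in fs:
            print(f"{f.severity.upper():6} {path}:{f.line} {f.sink}() - {f.reason}")
```

The scan is deliberately line-based and conservative: it only reports sinks that are tied to cookie data, so ordinary cookie reads such as the language selector produce nothing, while a "medium" finding still surfaces the gating pattern even when the executed command is hard-coded. In practice a reviewer would run it over the web root and any paths written by cron jobs, and treat a "high" hit in an upload or cache directory as a priority for manual inspection.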
