Backdoor Found in Utility for Linux, Unix Servers

silversurfer

Backdoor was intentionally planted in 2018 and found during the DEF CON 2019 security conference when researchers stumbled upon malicious code.

In an unnerving twist, when a critical zero-day vulnerability was reported in a Unix administration tool, called Webmin, it was revealed the flaw was no accident. According to researchers, the vulnerability was a secret backdoor planted in the popular utility nearly a year before its discovery.

The backdoor gave anyone with knowledge of its existence the ability to execute commands as root, meaning an attacker could take control of the targeted endpoint. According to Jamie Cameron, the author of Webmin, the bogus version was 1.890. Two additional versions were found with near-identical backdoor code, versions 1.900 and 1.920.

An updated version of Webmin 1.930 and Usermin version 1.780 address the vulnerabilities.

“Neither of these were accidental bugs – rather, the Webmin source code had been maliciously modified to add a non-obvious vulnerability,” Cameron wrote in a post outlining the issues.
 
