DslogdRAT Malware Deployed in Ivanti Connect Secure Zero-Day Campaign

Summary: A new malware strain named DslogdRAT has been identified in attacks targeting Ivanti Connect Secure VPN devices; the attacks use a basic Perl web shell for initial access. Researchers found that its sophisticated design supports remote command execution and evasion techniques, and they also uncovered another malware strain called SPAWNSNARE. Security alerts have been issued due to ongoing exploitation of the CVE-2025-0282 zero-day vulnerability affecting these systems.

Affected: Ivanti Connect Secure

Key points:

  • DslogdRAT is initially deployed using a Perl-based web shell that allows remote execution of commands on compromised devices.
  • The malware is designed to operate stealthily, with functionalities for file transfer, shell command execution, and proxy services.
  • Japan’s JPCERT/CC and U.S. CISA have issued alerts regarding vulnerabilities in Ivanti devices, urging immediate patching and monitoring for indicators of compromise.

Source: https://thecyberexpress.com/dslogdrat-malware-deployed-in-ivanti-devices/