A new backdoor malware named Auto-Color has been discovered targeting Linux systems via the exploitation of a critical SAP NetWeaver vulnerability (CVE-2025-31324). This sophisticated threat demonstrates how attackers can leverage known flaws for multi-stage attacks, emphasizing the need for integrated SAP and IT security measures.
Key points
- The malware Auto-Color was deployed against a US chemicals company in April 2025.
- Attackers exploited a critical SAP NetWeaver vulnerability to inject the backdoor on Linux hosts.
- Auto-Color functions as a Remote Access Trojan with advanced Linux persistence techniques.
- Detection came from signs of DNS tunneling and suspicious download activity.
- Organizations running SAP should prioritize patching and integrate SAP security into broader IT operations.
Read More: https://www.infosecurity-magazine.com/news/auto-color-backdoor-exploits-sap/