Open source web hosting software compromised with DDoS malware

[silversurfer]

The provider of an open-source hosting panel software admitted yesterday to a security breach during which an unknown hacker contaminated the project's source code with malware that logs passwords, open shells, and can launch DDoS attacks.
"Our infrastructure server was hacked," said a member of the Vesta Control Panel (VestaCP) team yesterday in a forum post. "The hackers then changed all installation scripts to log admin password and [server IP]."

The code permitted attackers to collect admin passwords for servers where the Vesta control panel was installed. To avoid making the traffic from compromised servers look suspicious, the attackers sent passwords back to an official VestaCP domain that they presumably still had control over. Attackers then used these passwords to access compromised servers and install a new malware strain named Linux/ChachaDDoS --broken down in this ESET report released today.

Source: https://www.zdnet.com/article/open-sourc...s-malware/