A hacker group connected to data theft, extortion, and ransomware is targeting SonicWall SMA 100 series appliances with a custom rootkit that opens reverse shells and steals passwords.

The second stage executes malicious macros that create a reverse shell on the target's system, which connects to the attacker's command and control (C2) server.

Regarding its operational capabilities, the malware uses either forkpty or pipes and a forked new process to set up a reverse shell for the attacker to remotely access the infected device. Sedexp ...

A TLC reverse shell is a method used in cyberattacks to establish a secure communication channel between a compromised system and an attacker-controlled server.