Malicious Listener for Ivanti Endpoint Mobile Management Systems

Malware Analysis at a Glance
Executive Summary	The Cybersecurity and Infrastructure Security Agency (CISA) obtained two sets of malware from an organization compromised by cyber threat actors exploiting CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile (Ivanti EPMM). Each set contains loaders for malicious listeners that enable cyber threat actors to run arbitrary code on the compromised server.
Affected Products	Ivanti EPMM, versions 11.12.0.4 and prior, 12.3.0.1 and prior, 12.4.0.1 and prior, and 12.5.0.0 and prior. (Ivanti provided a patch and disclosed the vulnerabilities on May 13, 2025.)
Key Actions	Detect activity by using the indicators of compromise (IOCs) and detection signatures to identify malware samples. Prevent compromise by upgrading Ivanti EPMM versions to the latest version as soon as possible. Prevent compromise by treating mobile device management (MDM) systems as high-value assets (HVAs) with additional restrictions and monitoring.
Indicators of Compromise	For a downloadable copy of IOCs associated with this malware, see: MAR-251126.r1.v1.CLEAR.
Detection	This malware analysis report includes YARA and SIGMA rules. For a downloadable copy of the SIGMA rule associated with this malware, see: AR25-260A/B SIGMA YAML.
Intended Audience	Organizations: All organizations with on-premises Ivanti EPMM systems. Roles: This article has been indexed from All CISA Advisories Read the original article: Malicious Listener for Ivanti Endpoint Mobile Management Systems Tags: All CISA Advisories EN Post navigation ← CISA Releases Malware Analysis Report on Malicious Listener Targeting Ivanti Endpoint Manager Mobile Systems When Ads Attack: Inside the Growing Malvertising Threat → Search for: Pages Advertising Contact Legal and Contact information Opt-out preferences Privacy Policy Social Media Apps Telegram Channel Recent Posts This versatile Insta360 8K, 360-degree action camera just hit an all-time-low price September 18, 2025 What is hardware security? September 18, 2025 The Quality Era: How CISA’s Roadmap Reflects Urgency for Modern Cybersecurity September 18, 2025 DEF CON 33: Torvik From Tulip Tree Tech September 18, 2025 Healthcare firms’ hack-related losses outpace those of other sectors September 18, 2025 UK arrests 2 more alleged Scattered Spider hackers over London transit system breach September 18, 2025 This Microsoft Entra ID Vulnerability Could Have Been Catastrophic September 18, 2025 Cybercriminals pwn 850k+ Americans’ healthcare data September 18, 2025 ChatGPT Targeted in Server-Side Data Theft Attack September 18, 2025 Wordfence Intelligence Weekly WordPress Vulnerability Report (September 8, 2025 to September 14, 2025) September 18, 2025 Two UK Teenagers Charged Over TfL Hack Linked to Scattered Spider September 18, 2025 Windows Paint just got a major Photoshop-like upgrade you’ll want to try – what’s new September 18, 2025 Cybercriminals pwn 850k+ Americans healthcare data September 18, 2025 Microsoft Disrupts Major Phishing Operation Targeting Microsoft 365 September 18, 2025 Wormable Malware Compromises npm Supply Chain September 18, 2025 SonicWall warns customers to reset credentials after MySonicWall backups were exposed September 18, 2025 Why Outdated Corporate Networks Are Analogous to the Aging U.S. Highway System September 18, 2025 The Hidden War Above: How GPS Jamming Exposes Our Digital Vulnerabilities September 18, 2025 SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers September 18, 2025 New York Blood Center Alerts 194,000 People to Data Breach September 18, 2025 Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com. Manage Consent To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Functional Functional Always active The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. Preferences Preferences The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. Statistics Statistics The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you. Marketing Marketing The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Manage options Manage services Manage {vendor_count} vendors Read more about these purposes View preferences {title} {title} {title}

Malware Analysis at a Glance

Read the original article:

Post navigation