Cybersecurity researchers have identified a vulnerability in the VirusTotal platform that can be used to remotely execute malicious code and gain access to internal systems. The vulnerability has already been patched.
According to Cysource specialists, an attacker exploiting the discovered bug could “remotely execute commands on VirusTotal and gain access to certain platform features for scanning suspicious files.”
The attack vector requires an attacker to upload a DjVu file through the VirusTotal web user interface, after which a vulnerability in the open-source ExifTool utility is exploited.
This vulnerability is tracked as CVE-2021-22204 and has a CVSS score of 7.8. Notably, the developers fixed it on April 13, 2021. Nevertheless, exploiting the bug gave access to Google systems (owned by VirusTotal) and opened the way to more than 50 hosts, with high privileges.