According to fresh data released today by BlackBerry Research & Intelligence and Incident Response (IR) teams, cybercriminals have been exploiting the flaw to download a second-stage payload onto victims PCs.
Cryptocurrency miners, Cobalt Strike Beacons, and web shells were among the payloads seen, confirming a prior NHS warning about active exploitation of VMware Horizon server vulnerabilities to drop malicious web shells and establish persistence on targeted networks for follow-on attacks.