Compromised SSH Keys via Web Redirect: A Security Alert
SGI has observed malicious activity involving compromised SSH authorized_keys files, likely resulting from web-based redirects and unauthorized access.
SGI Alert: Suspicious Activity from Korean IP Host
SGI observed suspicious network activity originating from a Korean IP address (AS4766). Investigation reveals a small text file with a generic hash, indicating possible reconnaissance activity.
Low-Severity Malware Detection: standalone-framework.js
SGI detected a low-severity malware family, standalone-framework.js, originating from Brazil. Investigation reveals potential file property manipulation.
Compromised SSH Keys via Web-Delivered Payload
SGI detected a low-severity threat involving a web-delivered file that drops potentially malicious SSH authorized keys. The file was detected via VirusTotal.