The US National Security Agency (NSA) and the Australian Signals Directorate (ASD) have published a security advisory this week warning companies to search web-facing and internal servers for common web shells.
“Web shell” is a malicious program or script that’s installed on a hacked server. Web shells provide a visual interface that hackers can use to interact with the hacked server and its filesystem.
Hackers install web shells by exploiting vulnerabilities in internet-facing servers or web applications (such as CMS, CMS plugins, CMS themes, CRMs, intranets, or other enterprise apps, etc.).