banner1
Logo Blinking Image
banner2

HOME
Cyber Crime

BADIIS Hijacks 1,800 Trusted Servers

by VARINDIA 2026-02-14
BADIIS Hijacks 1,800 Trusted Servers

Elastic Security Labs has uncovered a sweeping intrusion campaign in which the BADIIS malware silently compromised more than 1,800 Microsoft IIS servers worldwide. Victims include government, education and financial institutions whose trusted domains were turned into engines for global scam distribution.

The activity, linked to a Chinese-speaking cluster known as REF4033 or UAT-8099, expands on earlier findings from Cisco Talos and Trend Micro. Instead of defacing sites, operators monetised reputation by redirecting traffic toward gambling portals and cryptocurrency traps.

BADIIS is not a simple web shell. It embeds as a native IIS module, attaching to the worker process and intercepting requests before normal handling begins.

The malware inspects visitor attributes. Search crawlers receive keyword-rich pages to manipulate rankings, while real users may be invisibly pushed to fraudulent destinations. Administrators, meanwhile, are shown clean content, masking the breach.

By proxying malicious material through legitimate infrastructure, the attackers inherit the authority of respected domains, making detection far harder for both visitors and search engines.

Elastic notes heavy exposure across Asia-Pacific, but infections span multiple continents. High-credibility sites amplify scam reach, while some environments also risk theft of certificates and internal configurations.

Because BADIIS lives inside the request pipeline, traditional antivirus rarely flags it. Unsigned or unfamiliar modules can persist for long periods without triggering alarms.

Security teams should baseline approved IIS modules, enable configuration change logging and aggressively hunt unsigned libraries in system paths. Strong identity controls for administrators are critical, as module installation requires elevated rights.

This operation represents evolution—from crude spam hosting to infrastructure weaponisation. Trust itself becomes the payload.For enterprises, the warning is stark: if attackers control the server logic, brand reputation can be repurposed overnight.

er

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
AiFrame: Fake AI Extensions Hijack Browsers

AiFrame: Fake AI Extensions Hijack Browsers

On Saint Valentine’s Day Kaspersky warns against gift card scams

On Saint Valentine’s Day Kaspersky warns against gift card scams

DigiCert releases Q4 2025 RADAR Brief

DigiCert releases Q4 2025 RADAR Brief

SOFTWARE
View All
Enlight AIOps marks ESDS’s strategic push into AI operations management

Enlight AIOps marks ESDS’s strategic push into AI operations management

HCLTech and Cisco launch AI‑powered Fluid Contact Center solution

HCLTech and Cisco launch AI‑powered Fluid Contact Center solution

Okta launches new tools to tackle shadow AI and secure the agentic enterprise

Okta launches new tools to tackle shadow AI and secure the agentic enterprise

START - UP
View All
Remidio Takes India’s Blindness Prevention AI Global

Remidio Takes India’s Blindness Prevention AI Global

Bretton AI Lands $75M for Compliance

Bretton AI Lands $75M for Compliance

e-TRNL Energy raises INR 27.4 Cr in seed funding to advance next-Gen battery cell innovation

e-TRNL Energy raises INR 27.4 Cr in seed funding to advance next-Gen battery cell innovation

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

wew
wrdf
Start-Up and Unicorn Ecosystem
GTIG: AI Supercharges Cyberattacks

GTIG: AI Supercharges Cyberattacks

Royal Canin achieves 50% increase in forklift loading rates with Zebra Technologies

Royal Canin achieves 50% increase in forklift loading rates with Zebra Technologies

Shunya Labs develops CPU-optimized voice AI stack for the next billion users

Shunya Labs develops CPU-optimized voice AI stack for the next billion users

UIDAI unveils new Aadhaar app; Prudent Technologies enables secure consent framework and mobile integration

UIDAI unveils new Aadhaar app; Prudent Technologies enables secure consent framework and mobile integration

Banking industry Confronts AI’s Dual-Auth Dilemma

Banking industry Confronts AI’s Dual-Auth Dilemma

Honeywell launches hybrid solution to enable real-time electrification in industrial heating

Honeywell launches hybrid solution to enable real-time electrification in industrial heating

Findability Sciences and Pantaleon launch Stomata Labs for AI-led sugar value chain innovation

Findability Sciences and Pantaleon launch Stomata Labs for AI-led sugar value chain innovation

India-EU FTA: How the 'Mother of All Deals' Could Rewire India's Electronics and Tech Manufacturing Future

India-EU FTA: How the 'Mother of All Deals' Could Rewire India's Electronics and Tech Manufacturing Future

AI, Risk, and Readiness: The VAR Test of 2026

AI, Risk, and Readiness: The VAR Test of 2026

From Compute to Cooling: How are AI workloads reshaping Datacenter designs

From Compute to Cooling: How are AI workloads reshaping Datacenter designs

dsf