Threat actors recently tried to exploit a freshly patched maximum-severity SAP NetWeaver flaw to deploy a frequent Linux Remote Access Trojan (RAT), “Auto-Color”.
According to a report by Darktrace, a recent attack abused the flaw to establish an advanced-stage compromise, but was soon thwarted by its “autonomous response”.
“In April 2025, Darktrace identified an Auto-Color malware attack on the network of a US-based chemical company,” said the Darktrace blog post, which was shared with CSO before its publication on Tuesday. “After successfully blocking the malicious activity and containing the attack, the Darktrace threat research team conducted a deep investigation into the malware, (revealing) that the threat actor exploited CVE-2025-31324 to deploy Auto-Color as part of a multi-step attack.”
Darktrace confirmed this as the first observed pairing of SAP NetWeaver exploitation with the Auto-Color malware. Previously, the flaw was reportedly exploited in zero-day attacks to install JSP web shells on SAP servers.
Frankie Sclafani, director of cyber security at Deepwatch, said that the finding warrants immediate attention from organizations. “The dangerous convergence of an important SAP vulnerability with elusive Auto-Color backdoor malware to target significant infrastructure heralds a new chapter in cyber threats,” he said. “The security community should continuously monitor this activity and promote collaborative intelligence sharing to understand and counter the threat.”