Threat actors are targeting systems in industrial control environments with backdoor malware hidden in fake password-cracking tools. The tools, being touted for sale on a variety of social media websites, offer to recover passwords for hardware systems used in industrial environments.

Researchers from Dragos recently analyzed one such password-cracking product and found it to contain “Sality,” an old malware tool that makes infected systems part of a peer-to-peer botnet for cryptomining and password cracking.