Security researchers warn that multiple groups are deploying malware programs that function as extensions for Internet Information Services (IIS) Malware was deployed this year by hackers exploiting Microsoft Exchange zero-day vulnerabilities. A total of 14 groups have been observed using native IIS backdoors and information stealers in recent years. In total, ESET has observed over 80 samples of malicious IIS extensions that belong to 14 distinct malware families, ten of which were previously undocumented. The malware is a diverse class of threats used for cybercrime, cyberespionage, and SEO fraud.”]
Source: https://www.csoonline.com/article/3629130/wave-of-native-iis-malware-hits-windows-servers.html