Change all administrative passwords for your UniFi Controller and any SSH credentials used to manage network hardware.
In some instances, running the contents establishes a persistent backdoor, allowing attackers to pivot from the administrator's workstation into the broader network infrastructure.

Indicators of Compromise (IoCs)

If you encounter this file, look for these red flags:
While the specific payload can vary depending on the variant of the attack, security researchers have noted the following characteristics:

USW-Hacked.zip
"USW-Hacked.zip" appears to be a malicious archive file associated with or credential harvesting targeting users of UniFi (Ubiquiti) network equipment.
Official Ubiquiti software is digitally signed; malicious versions lack a valid signature or use a spoofed one.

Recommended Actions
If you have downloaded the file, do not open or extract it.
It is often significantly smaller or larger than official firmware packages.
The ZIP often contains .exe or .bat files disguised as legitimate Ubiquiti utilities.
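
The following is an added example, not code from Ubiquiti or from the original page: it lists a ZIP's entries by reading only the archive's central directory, so nothing is extracted or run, and flags executable or script entries. The .exe and .bat extensions come from the text above; the other extensions, the decoy-extension list, and the sample file names are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# .exe and .bat are named in the advisory; the remaining entries are assumptions.
EXECUTABLE_EXTS = {".exe", ".bat", ".cmd", ".com", ".scr", ".ps1", ".vbs", ".msi"}
# Assumed "harmless-looking" extensions used to disguise an executable.
DECOY_EXTS = {".bin", ".img", ".pdf", ".txt", ".doc"}


def triage_zip(source):
    """Inspect the ZIP listing without extracting anything.

    Returns a list of (entry_name, reason) tuples for suspicious entries.
    """
    findings = []
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Normalise Windows separators and drop trailing dots/spaces,
            # which Windows ignores when resolving the real extension.
            name = PurePosixPath(info.filename.replace("\\", "/")).name.rstrip(" .")
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
                continue
            if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
                reason = "executable hidden behind a decoy extension"
            else:
                reason = "executable or script entry"
            findings.append((info.filename, reason))
    return findings


def build_sample_zip():
    """Constructed sample archive (placeholder bytes only), built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", "placeholder")
        zf.writestr("tools/sample-utility.exe", "placeholder")
        zf.writestr("firmware.bin.bat", "placeholder")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry, reason in triage_zip(build_sample_zip()):
        print(f"{entry}: {reason}")
```

Pass a file path instead of the in-memory sample to triage a downloaded archive on an isolated analysis machine.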