A new backdoor malware campaign targeting Linux systems and exploiting critical vulnerability in SAP has been uncovered by cybersecurity researchers. The malware, known as Auto-Color, was deployed in a targeted intrusion against a US-based chemicals company in April 2025. According to an advisory published by Darktrace on 29 July 2025, the attack began when a threat actor exploited CVE-2025-31324, a critical flaw in SAP NetWeaver that allows remote file uploads and potential system compromise.
