Microsoft says that the number of monthly web shell attacks has almost doubled since last year, with an average of 140,000 such malicious tools being found on compromised servers every month. Web shells are tools (scripts or programs) that threat actors deploy on hacked servers to gain and/or maintain access, as well as to remotely execute arbitrary code or commands, to move laterally within the network, or to deliver additional malicious payloads.
They can be deployed in a large variety of forms, from app plugins and PHP or ASP code snippets injected within web apps to programs designed to provide web shell features and Perl, Python, Ruby, and Unix shell scripts.
