What is a web shell attack?

A web shell attack is when there's a backdoor that an attacker can use to run malicious code on a compromised system. Attackers use vulnerabilities to implant malicious code in existing files or upload new malicious files to the compromised machine. After a web shell has been established, the attacker can remotely browse to the URL containing their malicious code and execute arbitrary commands on the web server. At this point, the attacker can do nearly anything to the server including gaining remote access, exfiltrating data, installing ransomware or a cryptocurrency miner.