A recent report has disclosed that ShadowPad backdoor malware has been actively used by different Chinese espionage groups since 2017. It is a well-known Windows backdoor that downloads malicious modules or steals data.
Why the high demand
At least five Chinese actors have used ShadowPad malware in their espionage activities namely APT41, Tick & Tonto Team, Operation Redbonus, Operation Redkanku, and Fishmonger.
- Using ShadowPad greatly reduces the development and maintenance cost for the attackers.
- It is a privately sold modular malware platform whose plugins are offered separately.
- It allows its users to remotely deploy new plugins to a backdoor. It is speculated that anyone who can produce a plugin with the correct format can add new features to the backdoor freely.
- Moreover, malware developers keep adding new anti-detection features and persistence techniques to it.
A background check
- An individual ‘whg’ and his affiliate known as ‘Rose’ are the suspected authors of this malware platform. Further, both of them have been commercializing their malware development and hacking skills.
- It was used as the main backdoor in various cyberespionage campaigns, such as the NetSarang, CCleaner, and ASUS supply-chain attacks.
- Besides, the ShadowPad malware platform is traded privately to a limited group of customers.
Conclusion
ShadowPad is a well-developed malware platform that is still under regular development, making it a serious threat. Additionally, the availability of such advanced malware as a commodity will empower and motivate novice hackers to soon leap into action immediately.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/eb77_shutterstock_2011937609.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/6fdd_shutterstock_514124719.jpg)
