Powerful backdoor found in software used by >100 banks and energy cos.

Dan Goodin

from Ars Technica - All content on 2017-08-15 19:02 (#2ZBKR)

For 17 days starting last month, an advanced backdoor that gave attackers complete control over networks lurked in digitally signed software used by hundreds of banks, energy companies, and pharmaceutical manufacturers, researchers warned Tuesday.

The backdoor, dubbed ShadowPad, was added to five server- or network-management products sold by NetSarang, a software developer with offices in South Korea and the US. The malicious products were available from July 17 to August 4, when the backdoor was discovered and privately reported by researchers from antivirus provider Kaspersky Lab. Anyone who uses the five NetSarang titles Xmanager Enterprise 5.0, Xmanager 5.0, Xshell 5.0, Xftp 5.0, or Xlpd 5.0, should immediately review posts here and here from NetSarang and Kaspersky Lab respectively.

Covert data collection

The attack is the latest to manipulate the supply chain of a legitimate product in hopes of infecting the people who rely on it. The NotPetya worm that shut down computers around the world in June used the same tactic after attackers hijacked the update mechanism for tax software that was widely used in Ukraine. Supply-chain attacks that targeted online gamers included one used to spread the PlugX trojan in 2015 and the malware dubbed WinNTi in 2013.

Read 8 remaining paragraphs | Comments

index?i=OQ8ls1omJls:IkWWIasOOGc:V_sGLiPB

index?i=OQ8ls1omJls:IkWWIasOOGc:F7zBnMyn

Source	RSS or Atom Feed
Feed Location	http://feeds.arstechnica.com/arstechnica/index
Feed Title	Ars Technica - All content
Feed Link	https://arstechnica.com/