Black and White Domination: Glutton Trojan Lurks in Mainstream PHP Frameworks, Secretly Attacking for Up to a Year

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

The XLab threat detection system uncovered an advanced PHP trojan named Glutton, which has been active for over a year without detection. Glutton targets both legitimate businesses and cybercriminal operations, infiltrating popular PHP frameworks like ThinkPHP and Laravel. It employs modular components for information theft, backdoor installation, and code injection. The malware can deploy both ELF-based Winnti backdoors and PHP-based backdoors, demonstrating cross-platform capabilities. Notably, Glutton also targets black market operations by infecting their systems, potentially aiming to steal from cybercriminals themselves. The attack framework operates without leaving files on disk, making detection challenging.

OPENCTI LABELS:

backdoor, winnti, php, glutton


Open in the NetmanageIT OpenCTI public instance with the link below.


NOTE: Use the public read-only user credentials shown on the login page banner.


Black and White Domination: Glutton Trojan Lurks in Mainstream PHP Frameworks, Secretly Attacking for Up to a Year