Black and White Domination: Glutton Trojan Lurks in Mainstream PHP Frameworks

The XLab threat detection system uncovered an advanced PHP trojan named Glutton, which had been active for over a year without detection. Glutton targets both legitimate businesses and cybercriminal operations, infiltrating popular PHP frameworks such as ThinkPHP and Laravel. It employs modular components for information theft, backdoor installation, and code injection. The malware can deploy both ELF-based Winnti backdoors and PHP-based backdoors, demonstrating cross-platform capabilities. Notably, Glutton also targets black-market operations by infecting their systems, potentially aiming to steal from cybercriminals themselves. The attack framework operates without writing files to disk, which makes detection challenging.

Author: AlienVault

Related Tags:
Glutton
Information Technology
T1553.004 (Subvert Trust Controls: Install Root Certificate)
T1205 (Traffic Signaling)
T1588.002 (Obtain Capabilities: Tool)
T1070.004 (Indicator Removal: File Deletion)
T1059.004 (Command and Scripting Interpreter: Unix Shell)
T1037 (Boot or Logon Initialization Scripts)
T1021.001 (Remote Services: Remote Desktop Protocol)

Associated Indicators:
SHA-1: 64F11153D9A845DB0A2C713900562C6F0CD74971
MD5: 17DFBDAE01CE4F0615E9A6F4A12036C4
MD5: F8CA32CB0336AAA1B30B8637ACD8328D
MD5: 8FE73EFBF5FD0207F9F4357ADF081E35
MD5: C1F6B7282408D4DFDC46E22BBDB3050F
MD5: 8E734319F78C1FB5308B1E270C865DF4
MD5: 722A9ACD6D101FAF3E7168BEC35B08F8
MD5: AD150541A0A3E83B42DA4752EB7E269B
MD5: 3F8273575D4C75053110A3D237FDA32C