Black and White Domination: Glutton Trojan Lurks in Mainstream PHP Frameworks

The XLab threat detection system uncovered an advanced PHP trojan named Glutton that had gone undetected for more than a year. Glutton targets both legitimate businesses and cybercriminal operations, injecting itself into applications built on popular PHP frameworks such as ThinkPHP and Laravel. It uses modular components for information theft, backdoor installation and code injection, and it can deploy either ELF-based Winnti backdoors or PHP-based backdoors, so the same framework can operate with a native implant or purely within PHP. Notably, Glutton also infects the systems of black-market operations, suggesting an intent to steal from cybercriminals themselves. The attack framework runs without writing its payloads to disk, which makes detection difficult.

Author: AlienVault

Related Tags:
Glutton

T1553.004 (Subvert Trust Controls: Install Root Certificate)

T1205 (Traffic Signaling)

T1588.002 (Obtain Capabilities: Tool)

T1070.004 (Indicator Removal: File Deletion)

T1059.004 (Command and Scripting Interpreter: Unix Shell)

T1037 (Boot or Logon Initialization Scripts)

Information Technology

T1021.001 (Remote Services: Remote Desktop Protocol)

Associated Indicators (file hashes; one SHA1, the rest MD5):
64F11153D9A845DB0A2C713900562C6F0CD74971 (SHA1)

17DFBDAE01CE4F0615E9A6F4A12036C4 (MD5)

8E734319F78C1FB5308B1E270C865DF4 (MD5)

722A9ACD6D101FAF3E7168BEC35B08F8 (MD5)

BA95FCE092D48BA8C3EE8456EE4570E4 (MD5)

4914B8E63F431FC65664C2A7BEB7ECD5 (MD5)

AD0D88982C7B297BB91BB9B4759CE0AB (MD5)

6B5A58D7B82A57CDDCD4E43630BB6542 (MD5)

69ED3EC3262A0D9CC4FD60CEBFEF2A17 (MD5)
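The indicator list above mixes one SHA1 with eight MD5 digests, so a sweep of a PHP web root has to hash every file with both algorithms and compare each digest against the right set. The script below is an added example written for this page, not XLab's or AlienVault's tooling; it embeds the hashes from the indicator list, sorts them by algorithm from their hex length, hashes each file once for all algorithms, and reports matches. The web root path `/var/www` and the `sweep` / `hash_file` / `classify_iocs` function names are assumptions for illustration.

```python
"""Sweep a directory tree for the Glutton file hashes listed on this page."""
import hashlib
import os
import sys
from typing import Dict, Iterable, List, Set, Tuple

# Hashes copied from the indicator list above. The hex length identifies the
# algorithm: 40 hex characters is SHA1, 32 is MD5.
GLUTTON_IOCS: Tuple[str, ...] = (
    "64F11153D9A845DB0A2C713900562C6F0CD74971",
    "17DFBDAE01CE4F0615E9A6F4A12036C4",
    "8E734319F78C1FB5308B1E270C865DF4",
    "722A9ACD6D101FAF3E7168BEC35B08F8",
    "BA95FCE092D48BA8C3EE8456EE4570E4",
    "4914B8E63F431FC65664C2A7BEB7ECD5",
    "AD0D88982C7B297BB91BB9B4759CE0AB",
    "6B5A58D7B82A57CDDCD4E43630BB6542",
    "69ED3EC3262A0D9CC4FD60CEBFEF2A17",
)

# Hex digest length -> hashlib algorithm name (sha256 included for future IOCs).
_ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX = set("0123456789abcdef")


def classify_iocs(iocs: Iterable[str]) -> Dict[str, Set[str]]:
    """Bucket hex digests by algorithm, normalised to lowercase.

    Strings that are not hex or have an unrecognised length are dropped rather
    than being compared against the wrong algorithm's output.
    """
    buckets: Dict[str, Set[str]] = {name: set() for name in _ALGO_BY_LEN.values()}
    for ioc in iocs:
        digest = ioc.strip().lower()
        algo = _ALGO_BY_LEN.get(len(digest))
        if algo and set(digest) <= _HEX:
            buckets[algo].add(digest)
    return buckets


def hash_file(path: str, algos: Iterable[str], chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute every requested digest in a single pass over the file."""
    hashers = {name: hashlib.new(name) for name in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def sweep(root: str, iocs: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Walk `root` and return (path, algorithm, digest) for every IOC hit."""
    # Only compute the algorithms we actually have indicators for.
    buckets = {algo: s for algo, s in classify_iocs(iocs).items() if s}
    hits: List[Tuple[str, str, str]] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path, buckets.keys())
            except OSError:
                continue  # unreadable file, socket, or file removed mid-walk
            for algo, digest in digests.items():
                if digest in buckets[algo]:
                    hits.append((path, algo, digest))
    return hits


if __name__ == "__main__":
    # Assumed default web root; pass the real document root as the first argument.
    webroot = sys.argv[1] if len(sys.argv) > 1 else "/var/www"
    for hit_path, hit_algo, hit_digest in sweep(webroot, GLUTTON_IOCS):
        print(f"MATCH {hit_algo} {hit_digest} {hit_path}")
```

A hash sweep only finds artifacts that were written to disk. Since the summary notes that Glutton runs its payloads without leaving files on disk, a clean sweep does not clear a host; pair it with inspection of running PHP processes and of the framework's own source files for injected code.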