A recent report has disclosed that the ShadowPad backdoor has been actively used by several Chinese espionage groups since 2017. It is a well-known modular Windows backdoor that downloads additional malicious modules and exfiltrates data.
Why the high demand
At least five Chinese actors have used ShadowPad in their espionage activities, namely APT41, Tick & Tonto Team, Operation Redbonus, Operation Redkanku, and Fishmonger.
Using ShadowPad greatly reduces the development and maintenance cost for the attackers.
It is a privately sold modular malware platform whose plugins are offered separately.
Operators can remotely push new plugins to an already deployed backdoor, and it is believed that anyone able to produce a plugin in the expected format can extend the backdoor's functionality.
Moreover, its developers keep adding new anti-detection features and persistence techniques.
A background check
An individual known as ‘whg’ and an affiliate known as ‘Rose’ are the suspected authors of the platform. Both are believed to sell their malware development and hacking services commercially.
It was used as the main backdoor in various cyberespionage campaigns, such as the NetSarang, CCleaner, and ASUS supply-chain attacks.
In addition, the ShadowPad platform is sold privately to a limited group of customers rather than on open underground markets.
ShadowPad is a mature malware platform that is still under regular development, which makes it a serious threat. The availability of such advanced malware as a commodity also lowers the barrier to entry for less skilled actors and is likely to motivate them to launch attacks of their own.