New Glutton Malware Targets PHP Framework Vulnerabilities
New Glutton Malware Targets Cybercriminals with PHP-Based Backdoor. Cybersecurity researchers from QiAnXin XLab have identified a new PHP-based backdoor named Glutton, linked to the Chinese nation-state group Winnti (APT41), which has been used in attacks across multiple countries, including the U.S. and China. Glutton is designed to harvest sensitive information and deploy additional malware, exploiting vulnerabilities in popular PHP frameworks. Notably, it targets cybercriminals by compromising their operations, creating a “no honor among thieves” scenario. The malware’s modular design allows it to execute various commands and maintain persistence, while its lack of stealth techniques raises questions about its connection to Winnti. This discovery follows the recent unveiling of another APT41 malware variant, Mélofée, which features enhanced stealth capabilities.
