Another day, another malware. The latest victim is NetSarang, a Korean software development company. It seems that the malware, which has been named ShadowPad, succeeded in installing what are known as backdoors in several of the products released by NetSarang and thereby gained access to confidential client information.
Backdoors are essentially a means of accessing computer programs by bypassing the usual security mechanisms. Typically created by software developers themselves for troubleshooting, they can sometimes be exploited by hackers. Hackers can also implant or create backdoors of their own. This is what happened in the case of the NetSarang products.
To be exact, the ShadowPad backdoor was planted in five of NetSarang’s products and remained in them, undetected, for 17 days, from 17 July to 4 August this year. The malware was exposed only recently, when a financial client brought it to the attention of the antivirus provider Kaspersky Lab.
So far, the malware has been found to be active only in Hong Kong. Kaspersky Lab recommends that all users of the affected NetSarang products move to the updated versions recently released by the company.
Igor Soumenkov, the security expert at Kaspersky Lab, has been quoted as saying, “ShadowPad is an example of how dangerous and wide-scale a successful supply chain attack can be. Given the opportunities for reach and data collection it gives to the attackers, most likely it will be reproduced again and again with some other widely used software component”.
The ShadowPad malware seems to have gone unnoticed because of the way it was designed. Its creators made sure that the usual traces of malware behavior did not appear on the infected machines until they received a special packet from the server. (The compromised products were a suite of NetSarang server-management software.)
It seems that once the backdoors were activated by the ShadowPad malware, the compromised systems became vulnerable to data theft, surveillance and even the deployment of other kinds of destructive malware. NetSarang has addressed the issue in a statement, saying, “Regretfully, the Build release of our full line of products on July 18, 2017, was unknowingly shipped with a backdoor, which had the potential to be exploited by its creator”.
This incident is a clear case of why companies have to stay vigilant about their security maintenance at all times. They should be employing the right kind of endpoint security tools and antivirus packages, which can at least reduce, if not eliminate, cybercrimes such as these.
The ShadowPad malware incident is being viewed as one of the largest known supply chain attacks, affecting software users from banks and pharmaceutical companies to energy suppliers.
Customers using NetSarang products released after August 4 are not at risk of this ShadowPad malware.