Malware
ShadowPad
First seen: 2017-07 • Status: active
Currently Active Threat
ShadowPad is a shared hacking tool used by multiple Chinese government groups. It was hidden in legitimate software updates.
Overview
ShadowPad is a modular backdoor shared among Chinese APT groups. It was first discovered in a supply chain attack on NetSarang software.
How It Spreads
- Supply chain compromise
- Targeted attacks
What It Does
- Modular backdoor
- Plugin architecture
- Keylogging
- Screen capture
Target Platforms
Windows
Detection Tips
- Monitor for ShadowPad signatures
- Audit software supply chain
MITRE ATT&CK Techniques
T1195, T1056, T1005
If You're Infected
1. Audit all third-party software
2. Engage threat intelligence