Glutton: The Cyber Heist Backfires – When Hackers Hack Hackers!
Cybersecurity researchers have uncovered Glutton, a PHP-based backdoor targeting cybercriminals in a “no honor among thieves” twist. Linked to the notorious Winnti group, Glutton turns the tables by exploiting cybercrime resources and injecting itself into PHP frameworks, creating a recursive attack chain that uses the attackers’ own tactics against them.

Hot Take:
Who needs spy movies when you’ve got cyber espionage drama like this? Glutton proves that even in the world of cybercrime, it’s a “dog-eat-dog” situation. It’s like Ocean’s Eleven meets Mr. Robot, with hackers hacking hackers while everyone else just tries to keep their data out of the crossfire. Move over Hollywood, there’s a new script in town.
Key Points:
- Glutton is a PHP-based backdoor targeting systems in China, the US, Cambodia, Pakistan, and South Africa.
- QiAnXin XLab attributes it to the Chinese group Winnti (APT41), but without solid proof.
- Designed to exploit PHP frameworks, yet it lacks typical stealth techniques.
- Unusually, it is advertised on cybercrime forums in order to attack other cybercriminals.
- Features 22 commands for diverse cyber operations and employs HackBrowserData for sensitive data theft.