ShadowPad Malware Discovered in NetSarang Software

From July 17 to August 4, 2017, five software products sold by development company NetSarang reportedly contained malware that created a backdoor in customers’ networks. The malware, dubbed ShadowPad, was included within Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220. The NJCCIC recommends administrators of the affected products review NetSarang’s Security Notice and apply the necessary updates as soon as possible. In addition, we recommend all NJCCIC members review our recent threat analysis report titled Supply Chain: Compromise of Third-Parties Poses Increasing Risk and take steps to manage your organization’s supply chain risk.