A new powerful backdoor, dubbed ShadowPad was found lurking in software used by "hundreds" of global banks, energy firms and pharmaceutical companies for 17 days. The backdoor was found hidden in digitally signed software sold by the software developer NetSarang. The ShadowPad backdoor has already been activated by hackers against an unspecified firm in Hong Kong.
NetSarang's software was available from 17 July to 4 August, before the backdoor was uncovered by Kaspersky Lab researchers. NetSarang confirmed that its software was "unknowingly shipped with a backdoor." The firm has also issued out a security update to shut down the backdoor.
ShadowPad can be "silently" deployed within targets' computers and when activated, can allow hackers to steal data. Kaspersky also warned that Shadow Pad "could be lying dormant on many other systems worldwide, especially if the users have not installed the updated version of the affected software."
"ShadowPad is an example of how dangerous and wide-scale a successful supply-chain attack can be. Given the opportunities for reach and data collection it gives to the attackers, most likely it will be reproduced again and again with some other widely used software component," Kaspersky Lab security expert Igor Soumenkov said in a statement.
Soumenkov added that NetSarang was "fast to react" in issuing out a patch for ShadowPad, "most likely preventing hundreds of data-stealing attacks against its clients."
"The security of our customers and user base is our highest priority and ultimately, our responsibility," NetSarang said in a statement. "The fact that malicious groups and entities are utilizing commercial and legitimate software for illicit gain is an ever-growing concern and one that NetSarang, as well as others in the computer software industry, is taking very seriously."
It still remains unclear as to who created the backdoor and how NetSarang was compromised for the attacker to hide ShadowPad into the firm's software. However Kaspersky Lab researchers are now urging firms using NetSarang's software to update their software.
"Given that the NetSarang programs are used in hundreds of critical networks around the world, on servers and workstations belonging to system administrators, it is strongly recommended that companies take immediate action to identify and contain the compromised software," Kaspersky Lab researchers said in a blog. "Given the opportunities for covert data collection, attackers are likely to pursue this type of attack again and again with other widely used software components."
You can find out more about how to download NetSarang's security update addressing the ShadowPad backdoor here.