Kaspersky Lab researchers have discovered that hackers, suspected to be from China, have managed to install a backdoor in NetSarang’s software packages.
Evidence gathered suggest that the hackers may have either patched legitimate apps to add the backdoor trojan, or breached the South Korean software maker’s servers and tampered with the source code to generate apps that have the backdoor.
The following NetSarang apps have been backdoored, according to Kaspersky’s findings:
- Xmanager Enterprise 5 Build 1232
- Xmanager 5 Build 1045
- Xshell 5 Build 1322
- Xftp 5 Build 1218
- Xlpd 5 Build 1220
NetSarang has since cleaned its servers and released updates to address the problem.