Winnti Group Adds New Backdoor Dubbed ‘PortReuse’ to its Malware Arsenal

Researchers determined that a VMProtected packer is used in the PortReuse backdoor.
The Winnti Group has also updated the ShadowPad malware with changes that include the randomization of module identifiers.

What’s new?

Researchers from ESET have released new details about the Winnti Group, which is known for its supply chain attacks.

A brief overview

The white paper released by ESET provides a technical analysis of new malware strains used by the Winnti Group. Researchers observed that the threat group has added a new backdoor, dubbed PortReuse, to its malware arsenal.

