New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton, attributed to the Winnti (APT41) group. Glutton targets popular PHP frameworks, harvests system information, and drops an ELF backdoor; it gains initial access through vulnerability exploitation and brute-force attacks. The malware framework, which can infect PHP files and plant backdoors, shows a strategic focus on exploiting cybercrime resources, creating a recursive attack chain.
