Winnti-Like Glutton Backdoor Targets Cybercriminals

A new PHP-based backdoor, “Glutton,” is targeting cybercriminals, particularly in China, exploiting the cybercrime ecosystem for profit. Glutton, linked to the Winnti Group with moderate confidence, can extract sensitive system data, deploy backdoors, and inject malicious code into PHP frameworks. The malware’s operators are using poisoned tools to turn cybercriminals into unwitting pawns, highlighting the interconnectedness and potential vulnerabilities within the cybercrime underground.
