NetSarang Xshell 5 Backdoor Trojan (ShadowPad)
Severity: Critical
Nessus Plugin ID: 102713
Synopsis
The remote host contains an application that is affected by a trojan backdoor.

Description
Xshell 5, a terminal emulator for Windows, is installed on the remote host with an nssock2.dll file that is infected with a trojan backdoor. The infected file is identified by its MD5 hash.
The affected file includes an encrypted payload that could be remotely activated by a knowledgeable attacker.

Solution
Upgrade to Xshell 5 Build 1326 or later.