Skip to content Dark Web Informer - Cyber Threat Intelligence
Support
Sign In Subscribe
Malware

A Threat Actor is Claiming to Sell PlanB, A Multifunctional Software Tool for Managing PHP Shells and Backdoors

 and  Dark Web Informer
2 min read

💡This post is part of Free Post Friday! If you're interested in subscribing to the platform please visit the subscriber page: https://darkwebinformer.com/status/#/portal/signup. If you would prefer to pay via cryptocurrency, please visit: https://darkwebinformer.com/crypto-payments

If you're interested in advertising please visit: https://darkwebinformer.com/advertising-rates/

💡 Subscribe to DarkWebInformer.com for Unmatched Cyber Threat Intelligence 💡

Why Subscribe? Let me do the work and save you time.

Stay ahead of cyber threats and safeguard your digital assets while enhancing your cybersecurity awareness with these exclusive subscriber-only features:

  • 📜
    Exclusive Threat Feeds: Access the latest ransomware victim disclosures, breaches, leaks, and other critical updates. You will receive approximately 100-150 alerts daily.
  • 📡
    Detailed Threat Posts: Stay updated on breaches, leaks, ransomware, DDoS attacks, and more.
  • 📤
    On-Demand Data Export: Export all 13,500+ alerts to JSON, CSV, or XML at any time for deeper analysis.
  • 🖼️
    High-Resolution Screenshots: All threat alerts include watermark-free, high-resolution images.
  • 🔗
    Direct Claim URLs: Instantly access claims with direct links for fast verification.

Click here to find out all of the exclusive benefits!

Subscribe Now Pay with Crypto

🔗 DarkWebInformer.com - Cyber Threat Intelligence

📅 Date: 2025-02-14 06:19:34
🚨 Title: Alleged Sale of "PlanB" – A Multifunctional Software Tool for Managing PHP Shells and Backdoors
🛡️ Victim Country: Not specified
🏭 Victim Industry: Not specified
🏢 Victim Organization: Not specified
🌐 Victim Site: Not specified
📜 Category: Alert
🔗 Claim: https://xss.is/threads/132576/#post-939454
🕵️‍♂️ Threat Actor: foof1ghter
🌍 Network: OpenWeb

What Happened?

A threat actor known as foof1ghter is allegedly selling a malware toolkit named "PlanB", which is designed to manage PHP shells and backdoors. The software has been developed and improved over 10 years, making it a sophisticated malicious toolkit for covert operations on compromised websites.

What is "PlanB" Capable Of?

  • Full PHP Shell & Backdoor Management (Covert file access, execution, and control)
  • Automated File Uploads, Execution, and Restoration
  • PHP/JavaScript Code Injection & Modification (Inject malicious scripts into compromised websites)
  • Remote Binary Execution & Restart (Windows/Linux Support)
  • Traffic Redirection & SEO Manipulation (Abuse search engine rankings and redirect traffic)
  • Hidden Admin Creation (Establish persistent unauthorized access to websites)
  • Advanced Obfuscation & Scheduling (Ensure long-term stealth and persistence)
  • Domain Reconnaissance & Exploitation Tools (Identify vulnerabilities in web applications)
  • Works Across Various PHP Backdoors

Why This Matters?

  • Widespread Web Compromise Risks – PlanB could be widely used to establish long-term persistence in compromised WordPress, Joomla, Magento, and other PHP-based websites.
  • Data Theft & Credential Harvesting – Attackers could exploit this tool to steal customer data, credentials, payment info, and admin access.
  • SEO & Ad Fraud Manipulation – The toolkit includes features to manipulate search engine rankings and hijack website traffic for malicious activities.
  • Stealthy, Hard-to-Detect Malware – The obfuscation, scheduling, and persistence mechanisms make it difficult for security solutions to detect and remove infections.
  • Potential for Mass Exploitation – If widely distributed, PlanB could escalate attacks on online businesses, e-commerce stores, and corporate websites.

What Should Be Done?

  • Monitor for PHP-Based Backdoors & Anomalous Behavior on web servers.
  • Scan for Unauthorized File Changes & Injection Attacks in PHP and JS files.
  • Enforce Strong File & Directory Permissions to prevent unauthorized access.
  • Deploy Web Application Firewalls (WAFs) & Intrusion Detection Systems (IDS) to detect and block suspicious activity.
  • Regularly Audit Website Security & Patch Vulnerabilities to prevent initial compromise.

Stay ahead of cyber threats. Visit DarkWebInformer.com for real-time updates on security risks and emerging cyber threats.

Related

Latest