Client on MONPASS certifies was revealed backdoor

Avast published Results of the study of the MONPASS Montolian Certifying Center Server, Which led to the backdoor substitution to the application proposed for installation of customers. Analysis showed that the infrastructure was compromised by hacking one of the Public MONPASS Web Servers based on the Windows platform. On the specified server, traces of eight different hacks were identified, as a result of which eight WebShell and backdors were installed for remote access.

Including malicious changes were made to the official client software, which was supplied with the backdoor from February 8 to March 3.
The story began with the fact that in response to the client’s complaint, Avast was convinced of the presence of malicious changes in the MONPASS installer distributed through the official website. After notification of the problem, MONPASS employees provided Avast access to a copy of the disk image of a cracked server to parse the incident.

/Media reports.