Kaspersky says they discovered the ShadowPad malware while investigating suspicious DNS requests for a financial institution. The software firm NetSarang, a developer of management tools for servers and clients, has been hacked with the malware. The malware called out to specific domains with information about the system (username, domain, host, etc.) The domains used will change monthly, and the domains have been registered to cover July though December, 2017. It isn’t clear how the attackers compromised Netsarang and were able to add malware to their code.”]
Source: https://www.csoonline.com/article/3216547/kaspersky-discovers-supply-chain-attack-at-netsarang.html