The IBM X-Force Research team reported an increase in PHP C99 webshell attacks in April 2016. The attack type, dubbed b374k, has been tracking attacks over the past few months. This threat should be pushed to the top of your priority list, the research team says. It allows actors to: Harvest and exfiltrate sensitive data and credentials. Use it as a relay point to issue commands to hosts inside the network that dont have direct internet access, or to proxy other attacks.”]
Source: https://securityintelligence.com/the-webshell-game-continues/