As many as 85 command-and-control (C2) servers have beenΒ discoveredΒ supported by the ShadowPad malware since September 2021, with infrastructure detected as recently as October 16, 2022.
That's according to VMware's Threat Analysis Unit (TAU), whichΒ studiedΒ three ShadowPad variants using TCP, UDP, and HTTP(S) protocols for C2 communications.
ShadowPad, seen as a successor toΒ PlugX, is a modular