Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Cyber Security

    Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware

    justmattgBy justmattgMarch 9, 2023No Comments2 Mins Read

    [ad_1]

    Mar 09, 2023Ravie LakshmananThreat Intelligence / Malware

    Remote Desktop Software

    Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware.

    AhnLab Security Emergency Response Center (ASEC), in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on compromised systems.

    This includes the Sliver post-exploitation framework, XMRig cryptocurrency miner, Gh0st RAT, and Paradise ransomware. PlugX is the latest addition to this list.

    The modular malware has been extensively put to use by threat actors based in China, with new features continuously added to help perform system control and information theft.

    In the attacks observed by ASEC, successful exploitation of the flaws is followed by the execution of a PowerShell command that retrieves an executable and a DLL file from a remote server.

    Remote Desktop Software

    This executable is a legitimate HTTP Server Service from cybersecurity company ESET, which is used to load the DLL file by means of a technique called DLL side-loading and ultimately run the PlugX payload in memory.

    “PlugX operators use a high variety of trusted binaries which are vulnerable to DLL Side-Loading, including numerous anti-virus executables,” Security Joes noted in a September 2022 report. “This has been proven to be effective while infecting victims.”

    WEBINAR

    Discover the Hidden Dangers of Third-Party SaaS Apps

    Are you aware of the risks associated with third-party app access to your company’s SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.

    RESERVE YOUR SEAT

    The backdoor is also notable for its ability to start arbitrary services, download and execute files from an external source, and drop plugins that can harvest data and propagate using Remote Desktop Protocol (RDP).

    “New features are being added to [PlugX] even to this day as it continues to see steady use in attacks,” ASEC said. “When the backdoor, PlugX, is installed, threat actors can gain control over the infected system without the knowledge of the user.”

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.



    [ad_2]

    Source link

    Previous Article‘Skinny’ Cyber Insurance Policies Create Compliance Path
    Next Article IceFire Ransomware Portends a Broader Shift From Windows to Linux
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑