Endpoint/Device Security, Vulnerability Management

PlugX malware spread via remote desktop program exploits

Share

Threat actors have been exploiting remote desktop program vulnerabilities to facilitate PlugX malware delivery, The Hacker News reports. Following successful flaw exploitation, attackers proceed to execute a PowerShell command facilitating the execution of a legitimate ESET HTTP Server Service executable that would leverage DLL side-loading to enable DLL file and PlugX payload loading, according to a report from the AhnLab Security Emergency Response Center. Aside from having arbitrary service execution features, the PlugX malware also has external file downloading and executing capabilities, as well as the ability to deploy data harvesting plugins that could be spread through Remote Desktop Protocol. "New features are being added to [PlugX] even to this day as it continues to see steady use in attacks. When the backdoor, PlugX, is installed, threat actors can gain control over the infected system without the knowledge of the user," said ASEC.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.