BleepingComputer reports that Windows devices are being infected with the PlugX malware, which is hidden on removable USB drives.
Attackers deploy the PlugX payload by abusing the legitimate Windows debugger "x64dbg.exe" to side-load a malicious "x32bridge.dll," which most antivirus engines on VirusTotal failed to detect, according to a report from Palo Alto Networks' Unit 42 team.
The PlugX sample identified by the researchers also names the directories it creates on USB drives with a Unicode whitespace character, hiding them from both Windows Explorer and the command shell.
"The shortcut path to the malware contains the Unicode whitespace character, which is a space that does not cause a line break but is not visible when viewed via Windows Explorer," said researchers.
Once a host is infected, PlugX monitors for newly connected USB devices and infects them in turn. The report also describes a second PlugX variant that targets USB drives and adds file-stealing capabilities.
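The concealment technique described above relies on directory names that render as blank. The following added example (not code from the report or from Unit 42) is a defender-side check that walks a mounted removable drive and flags entries whose names contain non-ASCII whitespace or zero-width characters, names made up entirely of such characters, and shortcut (.lnk) files. The page does not name the exact code point; the example assumes the description matches U+00A0 (NO-BREAK SPACE) and widens the check to all Unicode space separators plus common zero-width format characters.

```python
import os
import unicodedata

# Zero-width / invisible format characters that Explorer renders as nothing.
# The whitespace described in the report is assumed to be U+00A0; every
# Unicode "space separator" (category Zs) is covered by the category test.
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}


def hidden_whitespace(name: str) -> list[str]:
    """Return code points in a file/dir name that can render as blank."""
    found = []
    for ch in name:
        if ch == " ":  # ordinary ASCII space is normal in file names
            continue
        if unicodedata.category(ch) == "Zs" or ch in ZERO_WIDTH:
            found.append(f"U+{ord(ch):04X}")
    return found


def classify_entry(name: str, is_dir: bool) -> list[str]:
    """Reasons an entry deserves review; an empty list means nothing unusual."""
    reasons = []
    ws = hidden_whitespace(name)
    if ws:
        reasons.append("non-ASCII whitespace in name: " + ", ".join(ws))
    if name and all(ch.isspace() or ch in ZERO_WIDTH for ch in name):
        reasons.append("name consists only of whitespace (invisible in Explorer)")
    if not is_dir and name.lower().endswith(".lnk"):
        reasons.append("shortcut file on removable media")
    return reasons


def scan_tree(root: str) -> list[tuple[str, list[str]]]:
    """Walk a mounted drive (e.g. 'E:\\') and collect entries worth reviewing."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if reasons := classify_entry(d, True):
                findings.append((os.path.join(dirpath, d), reasons))
        for f in filenames:
            if reasons := classify_entry(f, False):
                findings.append((os.path.join(dirpath, f), reasons))
    return findings


if __name__ == "__main__":
    import sys
    for path, why in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, "->", "; ".join(why))
```

Run it against the drive letter of a suspect USB stick; a hit on a whitespace-only directory name alongside a .lnk at the drive root is the pattern the report describes and warrants pulling the device for analysis.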
Malicious posts on torrent trackers and forums offering instructions for downloading cracked software lead victims to install SteelFox, which obtains administrator access and uses it to install the WinRing0.sys driver; that driver is vulnerable to CVE-2020-14979 and CVE-2021-41285, which the malware exploits for privilege escalation, according to an analysis from Kaspersky.
Malicious emails posing as invoices carry ZIP attachments that lead to the execution of a DLL retrieved over WebDAV, which in turn loads the updated Strela Stealer variant.
Pro-Russian hacktivist operations Killnet and Passion have used Dstat.cc to advertise their DDoS capabilities, with Passion touting its ability to launch Layer 4 (transport-layer) and Layer 7 (application-layer) attacks, according to Germany's Federal Criminal Police Office (BKA).