Security News > 2023 > March > Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware
Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware.
AhnLab Security Emergency Response Center, in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on compromised systems.
The modular malware has been extensively put to use by threat actors based in China, with new features continuously added to help perform system control and information theft.
In the attacks observed by ASEC, successful exploitation of the flaws is followed by the execution of a PowerShell command that retrieves an executable and a DLL file from a remote server.
This executable is a legitimate HTTP Server Service from cybersecurity company ESET, which is used to load the DLL file by means of a technique called DLL side-loading and ultimately run the PlugX payload in memory.
"PlugX operators use a high variety of trusted binaries which are vulnerable to DLL Side-Loading, including numerous anti-virus executables," Security Joes noted in a September 2022 report.
News URL
https://thehackernews.com/2023/03/hackers-exploiting-remote-desktop.html
Related news
- Hackers leverage 1-day vulnerabilities to deliver custom Linux malware (source)
- Hackers abuse Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites (source)
- Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware (source)
- Russian hackers target German political parties with WineLoader malware (source)
- Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties (source)
- Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite (source)
- Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware (source)