CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware

admin by admin
March 9, 2023
in Information Security


Mar 09, 2023Ravie LakshmananThreat Intelligence / Malware

Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware.

AhnLab Security Emergency Response Center (ASEC), in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on compromised systems.

This includes the Sliver post-exploitation framework, XMRig cryptocurrency miner, Gh0st RAT, and Paradise ransomware. PlugX is the latest addition to this list.

The modular malware has been extensively put to use by threat actors based in China, with new features continuously added to help perform system control and information theft.

In the attacks observed by ASEC, successful exploitation of the flaws is followed by the execution of a PowerShell command that retrieves an executable and a DLL file from a remote server.

Remote Desktop Software

This executable is a legitimate HTTP Server Service from cybersecurity company ESET, which is used to load the DLL file by means of a technique called DLL side-loading and ultimately run the PlugX payload in memory.

“PlugX operators use a high variety of trusted binaries which are vulnerable to DLL Side-Loading, including numerous anti-virus executables,” Security Joes noted in a September 2022 report. “This has been proven to be effective while infecting victims.”

WEBINAR

Discover the Hidden Dangers of Third-Party SaaS Apps

Are you aware of the risks associated with third-party app access to your company’s SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.

RESERVE YOUR SEAT

The backdoor is also notable for its ability to start arbitrary services, download and execute files from an external source, and drop plugins that can harvest data and propagate using Remote Desktop Protocol (RDP).

“New features are being added to [PlugX] even to this day as it continues to see steady use in attacks,” ASEC said. “When the backdoor, PlugX, is installed, threat actors can gain control over the infected system without the knowledge of the user.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Establishing a data perimeter on AWS: Allow only trusted resources from my organization

Next Post

Calculating Total Cost of Ownership of an ITSM Solution

Related Posts

Information Security

Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals

by admin
September 26, 2023
Information Security

What is Digital Identity? | Avast

by admin
September 26, 2023
Information Security

New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware

by admin
September 25, 2023
Information Security

New Advanced Backdoor with Distinctive Malware Tactics

by admin
September 24, 2023
Information Security

New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks

by admin
September 23, 2023
Next Post

Calculating Total Cost of Ownership of an ITSM Solution

Recommended

InnovationBreakthrough Book Introduction Chapter 1 Breakthrough Innovation Types ~ Future of CIO

September 26, 2023

Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals

September 26, 2023

What is Digital Identity? | Avast

September 26, 2023

5 Essential Competency Areas for Success

September 26, 2023

Innovation Breakthrough Chapters Review ~ Future of CIO

September 25, 2023

New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware

September 25, 2023

© CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.