March 9, 2023 | Ravie Lakshmanan | Threat Intelligence / Malware

Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun have been exploited by attackers to deploy PlugX malware.

A new analysis by the AhnLab Security Emergency Response Center (ASEC) shows continued exploitation of these flaws to deliver various payloads to compromised systems.

Earlier payloads included the Sliver post-exploitation framework, the XMRig cryptocurrency miner, Gh0st RAT, and Paradise ransomware. PlugX is the latest addition to this list.

This modular malware is widely used by China-based actors and is continuously adding new features to help it perform system control and information theft.

In attacks observed by ASEC, after successfully exploiting a vulnerability, PowerShell commands are executed to retrieve executable and DLL files from a remote server.


The executable is a legitimate HTTP server component from the cybersecurity firm ESET; it is abused to load the attacker-supplied DLL, which in turn executes the PlugX payload in memory, a technique known as DLL sideloading.
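The delivery chain just described (PowerShell drops an EXE and a DLL, then the legitimate EXE sideloads the DLL from the same directory) can be turned into a simple detection. The following is an added example, not code from the article or from ASEC, run over constructed Sysmon-style events; the file paths, the `HttpServer.exe` and `helper.dll` names, and the trusted-directory list are assumptions for illustration.

```python
# Added example (not from the article or ASEC): flag the PlugX delivery chain
# described above over constructed Sysmon-style events. Paths, file names and
# the trusted-directory list are assumptions for illustration.
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample events: (event_type, acting_process, target_path).
# event_type mirrors Sysmon: file_create (EID 11), process_create (EID 1),
# image_load (EID 7).
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    # suspicious: PowerShell writes an EXE and a DLL into a user-writable dir,
    # then the EXE loads that DLL (DLL sideloading)
    ("file_create", POWERSHELL, r"C:\Users\Public\svc\HttpServer.exe"),
    ("file_create", POWERSHELL, r"C:\Users\Public\svc\helper.dll"),
    ("process_create", r"C:\Users\Public\svc\HttpServer.exe",
     r"C:\Users\Public\svc\HttpServer.exe"),
    ("image_load", r"C:\Users\Public\svc\HttpServer.exe",
     r"C:\Users\Public\svc\helper.dll"),
    # benign: an installer writes into Program Files, app loads its own DLL
    ("file_create", r"C:\Windows\System32\msiexec.exe",
     r"C:\Program Files\App\app.exe"),
    ("process_create", r"C:\Program Files\App\app.exe",
     r"C:\Program Files\App\app.exe"),
    ("image_load", r"C:\Program Files\App\app.exe",
     r"C:\Program Files\App\app.dll"),
]

# Directories where an EXE/DLL pair written by an installer is expected.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\",
                "c:\\program files (x86)\\")


def outside_trusted(path):
    """True when the path is not under one of the trusted directories."""
    return not path.lower().startswith(TRUSTED_DIRS)


def find_sideload_chains(events):
    """Return (exe, dll) pairs where PowerShell dropped both files into the
    same non-trusted directory and the EXE later loaded that DLL."""
    dropped = defaultdict(set)  # lower-cased directory -> files PowerShell wrote
    findings = []
    for kind, process, target in events:
        actor = PureWindowsPath(process).name.lower()
        if kind == "file_create" and actor == "powershell.exe" \
                and outside_trusted(target):
            dropped[str(PureWindowsPath(target).parent).lower()].add(target.lower())
        elif kind == "image_load" and target.lower().endswith(".dll"):
            d = str(PureWindowsPath(target).parent).lower()
            if process.lower() in dropped[d] and target.lower() in dropped[d]:
                findings.append((process, target))
    return findings
```

In a real deployment the same logic would be keyed on process GUIDs and time windows rather than on paths alone, and the trusted-directory list tuned to the environment.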

“PlugX operators use a variety of trusted binaries that are vulnerable to DLL sideloading, including a number of antivirus executables,” Security Joes noted in a September 2022 report. “This has proven effective in infecting victims.”


It is also noteworthy that the backdoor is capable of starting arbitrary services, downloading and executing files from external sources, and dropping plugins that can collect data and propagate using the Remote Desktop Protocol (RDP).

ASEC said that PlugX “has added new features” and that “once the PlugX backdoor is installed, the attacker gains control over the infected system without the user’s knowledge.”
