New Malware Steals your Files Without you Even Knowing

According to Bitdefender, a newly discovered piece of malware can steal sensitive information from your device without you realizing it. The stealthy malware, named RDStealer, is attributed to a suspected Chinese state-sponsored actor, in part because of its sophistication.

RDStealer runs on a compromised RDP server and monitors incoming RDP connections for sessions that have client drive mapping enabled, a feature that exposes the connecting client's drives to the server. The connecting RDP clients are then infected with a backdoor called Logutil, which extracts sensitive information such as passwords. The malware can also keylog and capture clipboard data.

"Multiple DLL libraries are chained together... chosen locations blend well into the system, and the sideloading process itself is initiated through the clever utilization of the WMI subsystem," said Bitdefender.

RDStealer and Logutil are both written in the cross-platform programming language "Go", which compiles to native binaries for several operating systems, so the same malware codebase can be built to run on multiple platforms.

Bitdefender also said that while cybersecurity professionals already knew this attack method was possible in concept, it had not been observed in the wild until now. There is concern that the malware's cross-platform design could make it a much broader cybersecurity problem.

The malware avoids detection by placing its components in folders that security software commonly excludes from malware scanning.
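Two controls follow directly from the technique described above: the client drive mapping channel that RDStealer watches for, and the scan exclusions it hides behind. The following PowerShell is an added example of how an administrator could audit both on a Windows RDP server; it is not code from the article or from Bitdefender's report. It assumes a Windows host with the Remote Desktop Services role and Microsoft Defender, run from an elevated session; the registry keys, the fDisableCdm value (the setting behind the "Do not allow drive redirection" group policy) and the Get-MpPreference cmdlet are standard Windows interfaces, not details taken from the page.

```powershell
# Added example (not from the article or Bitdefender): audit the two controls that
# RDStealer's technique depends on, and optionally enforce the first one.
# Assumes: Windows RDP server, Microsoft Defender, elevated PowerShell session.

$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$StationKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Test-RdpDriveRedirection {
    # Reports whether client drive mapping is disabled by policy, by the RDP-Tcp listener,
    # or not at all. fDisableCdm = 1 blocks the client drives from being exposed to the
    # server, which removes the channel RDStealer uses to reach the client.
    $policy   = (Get-ItemProperty -Path $PolicyKey  -Name fDisableCdm -ErrorAction SilentlyContinue).fDisableCdm
    $listener = (Get-ItemProperty -Path $StationKey -Name fDisableCdm -ErrorAction SilentlyContinue).fDisableCdm
    [pscustomobject]@{
        PolicyDisabled   = ($policy   -eq 1)
        ListenerDisabled = ($listener -eq 1)
        RedirectionBlocked = ($policy -eq 1) -or ($listener -eq 1)
    }
}

function Disable-RdpDriveRedirection {
    # Enforce through the policy key so the setting survives listener reconfiguration.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name fDisableCdm -PropertyType DWord -Value 1 -Force | Out-Null
}

function Get-SuspiciousDefenderExclusions {
    # Lists Defender path exclusions that sit under the Windows or Program Files trees.
    # RDStealer stores its components in folders that are commonly excluded from scanning,
    # so every exclusion covering a system or application directory deserves review.
    $sensitiveRoots = @($env:WinDir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }
    $prefs = Get-MpPreference
    foreach ($path in @($prefs.ExclusionPath)) {
        if (-not $path) { continue }
        foreach ($root in $sensitiveRoots) {
            if ($path.TrimEnd('\') -like "$root*") {
                [pscustomobject]@{ Exclusion = $path; CoversRoot = $root }
                break
            }
        }
    }
}

# Usage: print the audit results. Uncomment the last line to enforce the policy.
Test-RdpDriveRedirection | Format-List
Get-SuspiciousDefenderExclusions | Format-Table -AutoSize
# Disable-RdpDriveRedirection
```

Disabling drive redirection breaks legitimate file transfer through RDP sessions, so agree the change with users of the server before enforcing it; if redirection must stay on, the exclusion audit is the control that still applies. An empty result from Get-SuspiciousDefenderExclusions only means Defender has no such exclusions; third-party security products keep their own exclusion lists and need a separate check.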

"This attack serves as a testament to the increasing sophistication of modern cyberattacks, but also underscores the fact that threat actors can leverage their newfound sophistication to exploit older, widely adopted technologies," Bitdefender concludes.

Bitdefender suggests using "defense-in-depth architecture [which] involves employing multiple layers of overlapping security measures that are designed to protect against a variety of threats."

"The use of multiple layers of security creates overlapping barriers that an attacker must overcome, which can reduce the likelihood of successful attacks, limit the scope of an attack if one occurs, and provide early warning of potential threats."

Story via TechRadar