New custom RDStealer malware has been leveraged to facilitate a more than a year-long compromise of an IT firm in East Asia, The Hacker News reports.
Attackers have targeted the organization's Dell machines and stored RDStealer within the Program Files folder to evade detection, according to a Bitdefender report.
Aside from featuring clipboard content and keystroke data collection capabilities, the Golang-based RDStealer malware also employs Remote Desktop Protocol connection monitoring to enable data exfiltration activities. The findings suggest persistent efforts by threat actors to obtain credentials and connections with other systems, noted a second Bitdefender report.
"Cybercriminals continually innovate and explore novel methods to enhance the reliability and stealthiness of their malicious activities. This attack serves as a testament to the increasing sophistication of modern cyberattacks, but also underscores the fact that threat actors can leverage their newfound sophistication to exploit older, widely adopted technologies," said Bitdefender researcher Marin Zugec, who authored the second report.
