Windows debugger tool spoofed by PlugX RAT in new attacks

Open source Windows debugging tool x64dbg has been impersonated by the post-exploitation modular remote access trojan PlugX, also known as Korplug, in its latest attacks in a bid to prevent detection, reports The Hacker News. Threat actors could leverage the valid digital signature of the x64dbg file to evade security systems and facilitate privilege escalation, persistence, and file execution restriction bypass, according to a Trend Micro report. Researchers also found that the debugging tool file has been used to facilitate the distribution of a UDP shell client backdoor enabling system information collection while waiting for additional remote server commands. "Despite advances in security technology, attackers continue to use [DLL side-loading] since it exploits a fundamental trust in legitimate applications. This technique will remain viable for attackers to deliver malware and gain access to sensitive information as long as systems and applications continue to trust and load dynamic libraries," said researchers.
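The technique the researchers describe is DLL side-loading: a legitimate, validly signed executable resolves a library by name and, because of the Windows DLL search order, picks up a malicious DLL placed in its own directory before the genuine one. A common defender heuristic for this in image-load telemetry is to flag a DLL that is loaded from the same directory as the executable, sits outside the Windows system directories, and carries no valid Authenticode signature. The script below is an added example written for this article, not code from Trend Micro, The Hacker News, or the x64dbg project. It assumes pipe-separated `Key=Value` log lines modelled on Sysmon Event ID 7 fields (`Image`, `ImageLoaded`, `Signed`, `SignatureStatus`); the paths, file names and log lines are constructed for the example.

```python
"""Heuristic triage of image-load events for DLL side-loading.

Assumed input: one event per line, 'Key=Value' pairs separated by '|',
with field names modelled on Sysmon Event ID 7 (Image, ImageLoaded,
Signed, SignatureStatus). All sample data below is constructed.
"""
import ntpath

# Libraries shipped with Windows are normally loaded from here; a DLL under
# the Windows directory is not the side-loading pattern this heuristic targets.
WINDOWS_PREFIX = "c:\\windows\\"


def parse_event(line: str) -> dict:
    """Split 'Key=Value|Key=Value' into a dict (values keep their case)."""
    return dict(kv.split("=", 1) for kv in line.split("|"))


def is_sideload_candidate(ev: dict) -> bool:
    """True when a DLL is loaded from the executable's own directory,
    outside the Windows directory, without a valid signature."""
    image = ev["Image"].lower()
    dll = ev["ImageLoaded"].lower()
    if not dll.endswith(".dll"):
        return False
    if dll.startswith(WINDOWS_PREFIX):
        return False
    # The side-load pattern: the DLL resolved from beside the executable
    if ntpath.dirname(dll) != ntpath.dirname(image):
        return False
    # ...and it does not carry a valid Authenticode signature
    signed = ev.get("Signed", "false").lower() == "true"
    status = ev.get("SignatureStatus", "").lower()
    return not (signed and status == "valid")


def triage(lines):
    """Return (process image, loaded DLL) pairs that match the heuristic."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if is_sideload_candidate(ev):
            hits.append((ev["Image"], ev["ImageLoaded"]))
    return hits


# Constructed sample telemetry: a user-dropped copy of a signed debugger
# loading a system DLL (benign), then an unsigned DLL from its own folder
# (the side-load pattern), and a vendor app loading its own signed DLL.
SAMPLE_LOG = [
    r"Image=C:\Users\victim\Downloads\dbgtool\dbgtool.exe|ImageLoaded=C:\Windows\System32\kernel32.dll|Signed=true|SignatureStatus=Valid",
    r"Image=C:\Users\victim\Downloads\dbgtool\dbgtool.exe|ImageLoaded=C:\Users\victim\Downloads\dbgtool\bridge.dll|Signed=false|SignatureStatus=Unavailable",
    r"Image=C:\Program Files\Vendor\app.exe|ImageLoaded=C:\Program Files\Vendor\libvendor.dll|Signed=true|SignatureStatus=Valid",
    # A DLL loaded from a different directory is not same-directory
    # side-loading, so this heuristic deliberately leaves it alone.
    r"Image=C:\Program Files\Vendor\app.exe|ImageLoaded=C:\Users\victim\AppData\Local\Temp\loader.dll|Signed=false|SignatureStatus=Unavailable",
]

if __name__ == "__main__":
    for image, dll in triage(SAMPLE_LOG):
        print(f"possible DLL side-load: {image} loaded {dll}")
```

The heuristic is intentionally narrow: it catches the pattern in the report (a trusted executable pulling an unsigned library from its own directory) but not a DLL loaded from elsewhere, a DLL signed with a stolen or unrelated certificate, or a signed executable that was itself copied to an unusual location. In practice it is paired with checks on the executable's own path and signer, and on whether that executable normally appears on the host at all.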
