PlugX malware spread via remote desktop program exploits

Threat actors have been exploiting remote desktop program vulnerabilities to facilitate PlugX malware delivery, The Hacker News reports. Following successful flaw exploitation, attackers proceed to execute a PowerShell command facilitating the execution of a legitimate ESET HTTP Server Service executable that would leverage DLL side-loading to enable DLL file and PlugX payload loading, according to a report from the AhnLab Security Emergency Response Center. Aside from having arbitrary service execution features, the PlugX malware also has external file downloading and executing capabilities, as well as the ability to deploy data harvesting plugins that could be spread through Remote Desktop Protocol. "New features are being added to [PlugX] even to this day as it continues to see steady use in attacks. When the backdoor, PlugX, is installed, threat actors can gain control over the infected system without the knowledge of the user," said ASEC.