ASEC (AhnLab Security Emergency response Center) has recently reported that threat actors are exploiting vulnerabilities in Chinese remote desktop programs to deploy PlugX malware, including:-
These flaws continue to be exploited on compromised systems to deliver a variety of payloads as part of ongoing abuse. The following are included:-
Several malware families appear on this list, but PlugX is the most recent addition. Chinese threat actors have used this modular malware extensively, and new features are constantly added to aid in the theft of sensitive information and the control of systems.
In the past, PlugX has been used by a number of recognized APT threat groups in their attacks, including:-
The majority of these APT groups are based in China. PlugX is module-based malware that supports several plugins with different features.
China-based APT threat groups are known to use PlugX as one of their major backdoors to compromise their targets. The malware has a long distribution history dating back to 2008, when the first attacks were carried out.
Over time it has evolved into many variants, each with a unique set of features that can benefit cyber criminals.
According to the report, attackers have successfully exploited system vulnerabilities in the attacks that ASEC observed. After exploiting the flaws, they use a PowerShell command to retrieve an executable and a DLL file from a remote server.
The executable in question is a legitimate HTTP Server Service component from ESET, a company that offers cybersecurity solutions.
Once the DLL file is loaded by that executable, the PlugX payload runs in memory. Although loading a DLL from the application's own directory serves legitimate purposes, malicious actors can abuse it (DLL side-loading).
PlugX operators use many trusted binaries, including numerous anti-virus executables, that are vulnerable to DLL side-loading. A number of studies have demonstrated that this technique is effective in infecting victims.
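The side-loading pattern described above (a signed, trusted executable loading a DLL that sits beside it outside the Windows system directories) can be triaged from image-load telemetry. The following is an added example, not code from ASEC or the report; the log format, paths and signer names are constructed placeholders:

```python
# Added example: flag DLL side-loading candidates in constructed Sysmon-style
# image-load records. Defensive triage logic; all paths/signers are placeholders.
import ntpath

# Directories from which a signed host legitimately loads signed system DLLs.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

def parse_record(line: str) -> dict:
    """Parse a constructed 'Key=Value|Key=Value' image-load record."""
    rec = dict(part.split("=", 1) for part in line.strip().split("|"))
    for key in ("ProcSigned", "DllSigned"):
        rec[key] = rec.get(key, "false").lower() == "true"
    return rec

def sideload_reason(rec: dict) -> str:
    """Return why this load looks like side-loading, or '' if it does not.

    Pattern from the report: a signed executable loads a DLL that is
    co-located with it, outside the system directories, and that DLL is
    unsigned or signed by a different publisher than the host binary."""
    proc = rec["Image"].lower()
    dll = rec["ImageLoaded"].lower()
    if not rec["ProcSigned"]:
        return ""  # unsigned host: not the trusted-binary abuse pattern
    if ntpath.dirname(proc) != ntpath.dirname(dll):
        return ""  # DLL is not co-located with the executable
    if any(dll.startswith(d) for d in SYSTEM_DIRS):
        return ""  # system directory loads are expected
    if not rec["DllSigned"]:
        return "unsigned DLL loaded from signed executable's own directory"
    if rec.get("DllSigner", "") != rec.get("ProcSigner", ""):
        return "co-located DLL signed by a different publisher than the host"
    return ""

def find_sideloads(lines):
    """Return (host exe, dll, reason) for every suspicious record."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        reason = sideload_reason(rec)
        if reason:
            hits.append((rec["Image"], rec["ImageLoaded"], reason))
    return hits

# Constructed sample telemetry (hypothetical paths and signer names).
SAMPLE_EVENTS = [
    r"Image=C:\Users\Public\update\httpserver.exe|ProcSigned=true|ProcSigner=VendorA|ImageLoaded=C:\Users\Public\update\helper.dll|DllSigned=false|DllSigner=",
    r"Image=C:\Users\Public\update\httpserver.exe|ProcSigned=true|ProcSigner=VendorA|ImageLoaded=C:\Windows\System32\kernel32.dll|DllSigned=true|DllSigner=Microsoft Windows",
    r"Image=C:\Program Files\VendorA\app.exe|ProcSigned=true|ProcSigner=VendorA|ImageLoaded=C:\Program Files\VendorA\plugin.dll|DllSigned=true|DllSigner=VendorA",
    r"Image=C:\Tools\tool.exe|ProcSigned=false|ProcSigner=|ImageLoaded=C:\Tools\lib.dll|DllSigned=false|DllSigner=",
]

if __name__ == "__main__":
    for hit in find_sideloads(SAMPLE_EVENTS):
        print(hit)
```

Only the first record is flagged: a signed host loading an unsigned DLL from its own non-system directory, which matches the ESET-executable-plus-DLL pattern in the report.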
Additionally, one of the most notable features of the backdoor is its ability to:
PlugX is still being improved with new features today, as it continues to be used regularly in attacks.
Moreover, an attacker may be able to install PlugX without the user's knowledge and thereby gain control over the infected system, enabling a variety of malicious behavior.