Researchers at Bitdefender have warned of a new form of malware that attacks Remote Desktop Protocol (RDP) clients to steal data.
The malware is known to Bitdefender as RDStealer, SiliconANGLE reports. The Labs team inside the company discovered the malicious program while observing an East Asian state spy operation called RedClouds.
Series of DLLs
The malware uses a unique form of attack: the sideloading of DLLs (dynamic-link libraries). These files reside throughout Windows, providing functions and data that other programs can use. Attackers can exploit this by deploying a series of DLLs that do not stand out within the operating system. After all, a conventional PC is teeming with these types of library files.
According to Bitdefender Labs, this is the first time this tactic has occurred in the wild. However, the exploitation of remote desktop sessions is not new. Thus, cybercriminals can combine old and new tactics to stay one step ahead of security.
The advice Bitdefender researchers give for countering the attacks is also no different from usual. Defense in depth, meaning the use of multiple security measures that tend to overlap, is essential. For example, methods like MFA, encryption, updating applications and continuous monitoring for vulnerabilities can combine to create a secure IT environment.
Still, it remains true that cybercriminals are inventive, so in no time we’ll be faced with a new attack tactic.