New malware targets the Remote Desktop Protocol

  • June 21, 2023

Cybersecurity company Bitdefender warns of malware specifically designed to steal data from Remote Desktop Protocol users in a new report.

In a recent report, Bitdefender warns of new malware specifically designed to steal data from Remote Desktop Protocol (RDP) users. This form of cyberattack has become much more common since the coronavirus pandemic.

Spy story

This discovery is part of a larger investigation into an espionage operation in Southeast Asia, codenamed RedCloud. The operation has been running since the beginning of last year and shows the high level of sophistication that often indicates state backing. However, no perpetrator could be immediately identified.

The offender

The malware, called RDStealer, is installed on servers and monitors incoming RDP connections that have Client Drive Mapping enabled. Connected users are then infected with another piece of malware, the Logutil backdoor, and the attackers steal the data they need.

RDStealer uses an advanced DLL (dynamic-link library) sideloading technique. This is a very sneaky method of chaining multiple DLLs and then sideloading them (put simply: moving files) by manipulating Windows Management Instrumentation (WMI). The attackers wrote all of the malware in the Go programming language so that it can operate on different systems.

According to Bitdefender, this is the first time malware has carried out such an attack in practice. It is a fresh indication that cybercriminals are becoming more sophisticated and that security remains of paramount importance.

Safety comes first

The company believes that a deep security structure with multiple layers is still the best way to work.

An important first factor is prevention. There are many actions an organization can take to achieve this:

  • Update regularly
  • Carry out comprehensive risk management
  • Fix vulnerabilities immediately
  • Limit the number of access points to a system
  • Evaluate access policies and adjust if necessary
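
Because RDStealer depends on RDP sessions that have Client Drive Mapping enabled, one concrete access-policy check is to find saved connection files that map local drives into the session. The following is an added example, not code from Bitdefender or the original article; it assumes the standard `.rdp` setting `drivestoredirect`, and the sample file contents and host name are constructed.

```python
import codecs

# Constructed sample .rdp contents (not taken from the report).
SAMPLE_ALL_DRIVES = (
    "full address:s:rdp-host.example:3389\r\n"
    "drivestoredirect:s:*\r\n"
    "redirectclipboard:i:1\r\n"
)
SAMPLE_NO_DRIVES = "full address:s:rdp-host.example\r\ndrivestoredirect:s:\r\n"


def decode_rdp(raw: bytes) -> str:
    """Connection files are often saved as UTF-16 with a BOM; else try UTF-8."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def parse_rdp(text: str) -> dict:
    """Parse 'name:type:value' lines into {name: value}; later lines win."""
    settings = {}
    for line in text.splitlines():
        # Split on the first two colons only: values may contain ':' (C:\, host:port).
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            name, _type, value = parts
            settings[name.strip().lower()] = value.strip()
    return settings


def redirected_drives(raw: bytes) -> list:
    """Return the drive selectors this file would map into the remote session.

    Assumption: a missing or empty 'drivestoredirect' is treated as no drives.
    """
    value = parse_rdp(decode_rdp(raw)).get("drivestoredirect", "")
    return [d for d in (part.strip() for part in value.split(";")) if d]


def files_mapping_drives(files: dict) -> list:
    """Given {filename: raw bytes}, list the files that redirect any drive."""
    return sorted(name for name, raw in files.items() if redirected_drives(raw))


if __name__ == "__main__":
    constructed = {
        "finance.rdp": SAMPLE_ALL_DRIVES.encode("utf-16"),
        "jump.rdp": SAMPLE_NO_DRIVES.encode("utf-8"),
    }
    print(files_mapping_drives(constructed))
```
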

Security itself is the second step. Make sure it is always up to date, for example by automating security at all possible access points or by using the most modern anti-virus systems. Windows’ own Microsoft Defender can certainly be a part of it.

If an attack does get through, it’s important that both your system’s detection and response capabilities are activated as quickly as possible. The earlier an attack is detected, the quicker your system can initiate a defense or counterattack.

The technology world is evolving at a rapid pace, so it is paramount to keep investing in cybersecurity.

Source: IT Daily
