RDStealer specializes in data gathering, clipboard capturing, and keylogging. The attack itself appears more concerned with the theft of data and credentials, and used folders that were likely to be excluded by scanners, such as %WinDir%\System32\. Researchers also found malware in the %WinDir%\security\database directory, where Microsoft has advised administrators to exclude specific files from scanning. The findings suggest the attackers anticipated that administrators would simply exclude the entire folder.

The cross-platform nature of RDStealer represents an even more significant threat, since both the RDStealer and Logutil malware samples are written in the Go programming language. During an analysis of domains connected to the attack, researchers noted references to Linux and ESXi (the VMware hypervisor), indicating the multiplatform potential of the Logutil backdoor.

The attack features multiple DLL libraries chained together, and the process is initiated through Windows Management Instrumentation (WMI).
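An added example (not code from the researchers or any vendor) that audits an exported scanner exclusion list for entries covering the whole folders named above instead of specific files. The function names, the sample entries and the default `C:\Windows` value for %WinDir% are assumptions.

```python
import ntpath

# Directories this page names as staging locations, relative to %WinDir%.
SENSITIVE = [r"System32", r"security\database"]

# Constructed sample of an exported exclusion list (not from any real host).
SAMPLE_EXCLUSIONS = [
    r"%WinDir%\security\database",        # whole folder excluded
    r"%WinDir%\security\database\*.edb",  # file-type specific entry
    r"C:\Windows\System32\*",             # wildcard over the whole folder
    r"D:\Backups\*.bak",                  # unrelated path
]

def _norm(path, windir):
    """Expand %WinDir% and normalise separators and case (Windows paths ignore case)."""
    lowered = path.strip().strip('"').lower().replace("%windir%", windir.lower())
    return ntpath.normpath(lowered)

def audit_exclusions(entries, windir=r"C:\Windows"):
    """Return (entry, covered_dir) for each exclusion that covers a whole sensitive folder."""
    targets = [_norm(ntpath.join(windir, d), windir) for d in SENSITIVE]
    findings = []
    for entry in entries:
        path = _norm(entry, windir)
        # A trailing "*" or "*.*" component excludes everything in the folder.
        if ntpath.basename(path) in ("*", "*.*"):
            path = ntpath.dirname(path)
        for target in targets:
            # Flag the folder itself or any ancestor of it (for example C:\Windows).
            if target == path or target.startswith(path.rstrip("\\") + "\\"):
                findings.append((entry, target))
    return findings

if __name__ == "__main__":
    for entry, covered in audit_exclusions(SAMPLE_EXCLUSIONS):
        print(f"folder-wide exclusion: {entry!r} covers {covered}")
```

Entries that name a subfolder inside one of these directories are not flagged by this check and need separate review.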