silversurfer
The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system.
"This file is a legitimate open-source debugger tool for Windows that is generally used to examine kernel-mode and user-mode code, crash dumps, or CPU registers," Trend Micro researchers Buddy Tancio, Jed Valderama, and Catherine Loveria said in a report published last week.
Trend Micro's analysis of the attack chain also revealed the use of x32dbg.exe to deploy a backdoor, a UDP shell client that collects system information and awaits additional instructions from a remote server.
"Despite advances in security technology, attackers continue to use [DLL side-loading] since it exploits a fundamental trust in legitimate applications," the researchers said.
"This technique will remain viable for attackers to deliver malware and gain access to sensitive information as long as systems and applications continue to trust and load dynamic libraries."
Source: PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks (thehackernews.com)
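Added example, not code from the post or the article: a small Python heuristic that flags the pattern the researchers describe, a DLL that Windows normally resolves from System32 being loaded from the application's own directory next to an executable such as x32dbg.exe. It runs over constructed records in a simplified Sysmon Event ID 7 (Image Loaded) style; the field layout, the DLL name list and the sample paths are assumptions for illustration.

```python
"""Heuristic DLL side-loading detector over simplified Sysmon Event ID 7 records.

The records are constructed for this example: field names mirror Sysmon's Image
Loaded event (Image, ImageLoaded, Signed) but the format is simplified to
'Key=Value' pairs separated by '|'.
"""
from pathlib import PureWindowsPath

# Directories from which Windows normally resolves its own DLLs.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Hypothetical list of DLL names an application expects from the system
# directory. A copy placed beside the executable wins the search order,
# which is the trust assumption DLL side-loading abuses.
SYSTEM_DLL_NAMES = {"version.dll", "dbghelp.dll", "wininet.dll",
                    "userenv.dll", "cryptbase.dll", "dwmapi.dll"}


def parse_record(line: str) -> dict:
    """Parse one 'Key=Value|Key=Value' record into a dict."""
    return dict(part.split("=", 1) for part in line.strip().split("|"))


def is_suspicious_load(rec: dict) -> bool:
    """True when a system-named DLL is loaded unsigned from the process's own directory."""
    image = PureWindowsPath(rec["Image"])
    loaded = PureWindowsPath(rec["ImageLoaded"])
    load_dir = str(loaded.parent).lower()
    if load_dir in SYSTEM_DIRS:
        return False                      # resolved from the real system directory
    same_dir = load_dir == str(image.parent).lower()
    unsigned = rec.get("Signed", "false").lower() != "true"
    # Note: a signed DLL with a signer that differs from the host binary is
    # still a side-load candidate; that comparison is left out here.
    return loaded.name.lower() in SYSTEM_DLL_NAMES and same_dir and unsigned


def find_side_loads(lines) -> list[str]:
    """Return 'image loaded dll' strings for every suspicious record."""
    return [f"{rec['Image']} loaded {rec['ImageLoaded']}"
            for rec in map(parse_record, lines) if is_suspicious_load(rec)]


# Constructed sample events: one side-load, one legitimate system load,
# one ordinary application DLL (placeholder name) loaded from the app folder.
SAMPLE_EVENTS = [
    r"Image=C:\Users\user\Downloads\x32dbg\x32dbg.exe|ImageLoaded=C:\Users\user\Downloads\x32dbg\version.dll|Signed=false",
    r"Image=C:\Users\user\Downloads\x32dbg\x32dbg.exe|ImageLoaded=C:\Windows\System32\version.dll|Signed=true",
    r"Image=C:\Users\user\Downloads\x32dbg\x32dbg.exe|ImageLoaded=C:\Users\user\Downloads\x32dbg\app_plugin.dll|Signed=false",
]

if __name__ == "__main__":
    for hit in find_side_loads(SAMPLE_EVENTS):
        print("suspicious:", hit)
```

Only the first constructed record is flagged; the System32 load and the application's own plugin DLL pass.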