Security vulnerabilities in remote desktop programs such as Sunlogin and AweSun are being exploited by threat actors to deploy the PlugX malware.
AhnLab Security Emergency Response Center (ASEC), in a new analysis, said it marks the continued abuse of the flaws to deliver a variety of payloads on compromised systems.
This includes the Sliver post-exploitation framework, XMRig cryptocurrency miner, Gh0st RAT, and Paradise ransomware. PlugX is the latest addition to this list.
The modular malware has been extensively put to use by threat actors based in China, with new features continuously added to help perform system control and information theft.
Source: "Hackers Exploiting Remote Desktop Software Flaws to Deploy PlugX Malware", thehackernews.com