PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks

[silversurfer]

Content source

https://thehackernews.com/2023/02/plugx-trojan-disguised-as-legitimate.html

The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system.

"This file is a legitimate open-source debugger tool for Windows that is generally used to examine kernel-mode and user-mode code, crash dumps, or CPU registers," Trend Micro researchers Buddy Tancio, Jed Valderama, and Catherine Loveria said in a report published last week.

Trend Micro's analysis of the attack chain also revealed the use of x32dbg.exe to deploy a backdoor, a UDP shell client that collects system information and awaits additional instructions from a remote server.

"Despite advances in security technology, attackers continue to use [DLL side-loading] since it exploits a fundamental trust in legitimate applications," the researchers said.
"This technique will remain viable for attackers to deliver malware and gain access to sensitive information as long as systems and applications continue to trust and load dynamic libraries."

PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks

PlugX remote access trojan has been caught disguising itself as a legitimate open source Windows debugger tool called x64dbg to gain control of target

thehackernews.com