Bitdefender Labs has published research warning of a sophisticated espionage campaign that uses previously unseen malware and has been active since at least early 2022. The malware, named RDStealer, is a server-side implant that hooks into the Windows Management Instrumentation (WMI) subsystem. Written in Go and relying on DLL sideloading, it was designed to stay quiet while continuously collecting and exfiltrating sensitive information.
RDStealer, the new China-linked malware uncovered by Bitdefender
Bitdefender has not attributed the campaign to a specific threat group; however, the level of sophistication and the objectives are consistent with a China-based APT. What makes RDStealer unique is its ability to compromise the clients that connect to an infected host over Remote Desktop Protocol (RDP), that is, the downstream connections.
When an incoming RDP connection that meets certain criteria is detected, the compromised RDP host infects the connecting client with a backdoor and attempts to exfiltrate valuable data such as credentials or certificates. The usual trust relationship is inverted: an administrator who connects to a compromised server in order to manage it becomes the next victim.
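The description above implies two things a defender can look for on a Windows RDP host: a WMI-resident implant needs a permanent WMI event subscription to persist, and the implant waits for incoming RDP sessions. The following PowerShell hunting script is an added example, not code from Bitdefender's research; the function names and the allowlist of known-good consumers are my own assumptions, and it expects an elevated session on the host being examined.

```powershell
# Added hunting script (not from Bitdefender's research). Assumes an elevated
# Windows PowerShell 5.1 or PowerShell 7 session on the RDP host being examined.

# Consumers that ship with Windows and are expected on a clean host. Anything
# else bound to a filter deserves a look. (Assumed allowlist; extend it for your fleet.)
$KnownGoodConsumers = @('SCM Event Log Consumer')

function Get-WmiSubscriptionPersistence {
    <#
      Enumerates permanent WMI event subscriptions in root\subscription.
      A WMI-resident implant needs a filter (the trigger), a consumer (the
      payload) and a binding that joins them; walking the bindings exposes all three.
    #>
    $ns = 'root\subscription'
    $filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter
    $consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer   # base class: returns every consumer type
    $bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding

    foreach ($b in $bindings) {
        # Filter and Consumer are CIM references; only their key property (Name) is populated.
        $f = $filters   | Where-Object { $_.Name -eq $b.Filter.Name }
        $c = $consumers | Where-Object { $_.Name -eq $b.Consumer.Name }
        [pscustomobject]@{
            FilterName   = $f.Name
            Trigger      = $f.Query                  # WQL that fires the consumer (timer, process start, logon, ...)
            ConsumerName = $c.Name
            ConsumerType = $c.CimClass.CimClassName
            # CommandLineEventConsumer runs a command line; ActiveScriptEventConsumer runs VBScript/JScript.
            Payload      = if ($c.CommandLineTemplate) { $c.CommandLineTemplate } else { $c.ScriptText }
            Suspicious   = ($c.Name -notin $KnownGoodConsumers)
        }
    }
}

function Get-IncomingRdpLogons {
    param([int]$Hours = 24)
    # Security event 4624 with LogonType 10 (RemoteInteractive) marks an RDP session
    # that reached the desktop; these are the connections a server-side implant waits for.
    $since = (Get-Date).AddHours(-$Hours)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[8].Value -eq 10 } |
        ForEach-Object {
            [pscustomobject]@{
                Time     = $_.TimeCreated
                Account  = '{0}\{1}' -f $_.Properties[6].Value, $_.Properties[5].Value   # TargetDomainName\TargetUserName
                SourceIp = $_.Properties[18].Value                                        # IpAddress field of 4624
            }
        }
}

# Usage: review both lists side by side. An unknown consumer on a host that also
# accepts RDP logons is the combination worth escalating.
Get-WmiSubscriptionPersistence | Format-Table -AutoSize
Get-IncomingRdpLogons -Hours 72 | Format-Table -AutoSize
```

The subscription query is the more valuable half: a permanent binding outside the allowlist on a server that admins RDP into is exactly the foothold this campaign needs, regardless of which malware family planted it.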
Bitdefender urges companies of all sizes to pay closer attention. As remote working spreads, the same techniques used by RDStealer could be applied to other remote access solutions with little or no change.
Bitdefender suggests how to protect yourself from modern malware
Protection strategies against modern attacks such as RDStealer should be built on a defense-in-depth architecture and combine threat prevention, detection and response, through solutions such as Extended Detection and Response (XDR), Endpoint Detection and Response (EDR), or a managed security service such as Managed Detection and Response (MDR).
About Bitdefender
Bitdefender is a leading cybersecurity company offering the world’s best threat prevention, detection, and response solutions. Protecting millions of consumer, corporate and government environments, Bitdefender is regarded as one of the industry’s most trusted experts for eliminating threats, protecting privacy and data, and achieving cyber resiliency.
Thanks to significant investment in research and development, Bitdefender Labs discovers hundreds of new threats every minute and validates billions of threat queries per day. The company has pioneered breakthrough innovations in technologies such as anti-malware, IoT security, behavioral analytics, and artificial intelligence. Its technology is licensed by more than 180 of the world's best-known technology brands. Founded in 2001, Bitdefender has customers in over 170 countries and offices worldwide.