Mysterious campaign steals data via RDP malware

Cybersecurity firm Bitdefender warns in a new report of malware specifically designed to steal data from Remote Desktop Protocol users.

In a recent report, Bitdefender warns of new malware that is specifically designed to steal data from users of the Remote Desktop Protocol (RDP). This form of cyberattack has become more common since the Covid pandemic.

The discovery is part of a larger investigation into espionage practices in Southeast Asia. The attacks are codenamed RedCloud. The campaign has been running since the beginning of last year and shows the high level of state involvement that is often seen in such operations. However, investigators were unable to identify the culprit directly.


Dubbed RDStealer, the malware is installed on servers and monitors incoming RDP connections for sessions in which client drive mapping is enabled. Connected clients are then infected with a second piece of malware, the Logutil backdoor, and the attackers steal the data they are after.

RDStealer uses an advanced DLL sideloading technique. This is a very stealthy approach: several DLLs are chained together and then sideloaded (put simply, a malicious DLL is placed where a legitimate program will load it) through the Windows Management Instrumentation (WMI) process. The attackers wrote all of the malware in the Go programming language so that it can run on different systems.
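Because the technique described above depends on the RDP host being allowed to see the connecting client's mapped drives, the first thing a defender wants to know is whether that host permits drive redirection at all. The following PowerShell audit is an added example (not code from the Bitdefender report or from the malware); it assumes it runs in an elevated session on the Windows RDP host being checked and reads only the standard Terminal Services registry settings.

```powershell
# Added example: audit an RDP host for the settings that matter against
# client-drive-mapping abuse. Assumes an elevated PowerShell session on the host.

function Get-RdpHardeningPosture {
    # Group Policy location of "Do not allow drive redirection" (fDisableCdm = 1).
    $policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    # Per-listener settings for the default RDP-Tcp listener.
    $stationKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

    $policyCdm  = (Get-ItemProperty -Path $policyKey  -Name fDisableCdm -ErrorAction SilentlyContinue).fDisableCdm
    $stationCdm = (Get-ItemProperty -Path $stationKey -Name fDisableCdm -ErrorAction SilentlyContinue).fDisableCdm
    # UserAuthentication = 1 means Network Level Authentication is required
    # before a session (and therefore any drive mapping) is created.
    $nla        = (Get-ItemProperty -Path $stationKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication

    [pscustomobject]@{
        DriveMappingBlockedByPolicy   = ($policyCdm  -eq 1)
        DriveMappingBlockedOnListener = ($stationCdm -eq 1)
        NlaRequired                   = ($nla -eq 1)
    }
}

function Test-RdpHardening {
    $p = Get-RdpHardeningPosture
    $findings = @()
    if (-not ($p.DriveMappingBlockedByPolicy -or $p.DriveMappingBlockedOnListener)) {
        $findings += 'Client drive mapping is allowed: connecting clients expose their drives to this host for the life of the session.'
    }
    if (-not $p.NlaRequired) {
        $findings += 'Network Level Authentication is not required on the RDP-Tcp listener.'
    }
    if ($findings.Count -eq 0) { 'OK: drive redirection is blocked and NLA is required.' } else { $findings }
}

Test-RdpHardening
```

Setting the Group Policy "Do not allow drive redirection" (which writes fDisableCdm = 1 under the policy key above) closes the channel that RDStealer uses to reach connected clients; review it together with the access policy items listed below.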

According to Bitdefender, this is the first time that malware has carried out such an attack in practice. It is another indication that cybercriminals are becoming increasingly sophisticated and that security remains of paramount importance.

Security above all

The company is convinced that a deep, layered security architecture (defense in depth) is still the best approach.

The first important factor is prevention. There are several actions an organization can take to achieve this:

  • Update regularly
  • Comprehensive risk management
  • Patch security vulnerabilities immediately
  • Determine the number of access points to the system
  • Review and, if necessary, amend the access policy

Protection itself is the second step: keep it up to date, and deploy security automation or up-to-date antivirus on every possible access point. Microsoft Defender for Windows can certainly be part of that.

In the event of an attack, it is important that your system's detection and response capabilities are activated as quickly as possible. The earlier an attack is detected, the faster your system can initiate a defense or countermeasures. The world of technology is evolving rapidly, so continuing to invest in cybersecurity is of the utmost importance.

Winton Frazier
