Malware opens RDP backdoor into Windows systems - Help Net Security

A new version of the Sarwent malware can open the Remote Desktop Protocol (RDP) port on target Windows computers to make sure that crooks can find their way back into the system through the backdoor.



Whether that access is used later by the same crooks or sold to ransomware gangs or cyber espionage groups is unknown, but affected users should know that removing the malware does not close that particular “backdoor”.


Sarwent’s new capabilities


Sarwent is a piece of malware that started out as a loader for other malware, but has recently been updated with two new functionalities, SentinelOne researchers discovered.


These newer variants can now also:


Execute commands via Windows Command Prompt and PowerShell
Create a new Windows user account, enable the RDP service for it, and make change ..
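
Because removing the malware does not undo these changes, a cleaned host still needs its RDP state, firewall rules and local accounts reviewed. The read-only PowerShell audit below is an added example, not code from the article or from SentinelOne; the 30-day review window (`$LookbackDays`) is an assumption, and it must be run from an elevated session.

```powershell
# Added example: read-only audit of RDP exposure on a host cleaned of Sarwent.
# Run in an elevated Windows PowerShell 5.1+ session.
# $LookbackDays is an assumed review window, not a value from the article.
$LookbackDays = 30
$cutoff = (Get-Date).AddDays(-$LookbackDays)
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# 1. RDP service state: fDenyTSConnections = 0 means connections are accepted.
$rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0
$rdpPort    = (Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -Name PortNumber).PortNumber

# 2. Enabled inbound allow rules that name the RDP listener port.
#    Rules with LocalPort 'Any' are not matched here and need a separate look.
$fwRules = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$rdpPort" } |
    Select-Object DisplayName, Profile

# 3a. Accounts created in the window (Security event 4720).
#     Properties[0] is the new account name, Properties[4] the creating account.
$created = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720; StartTime = $cutoff } -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{ Time = $_.TimeCreated; Account = $_.Properties[0].Value; CreatedBy = $_.Properties[4].Value }
    }

# 3b. Enabled local accounts whose password was set inside the window.
#     Get-LocalUser exposes no creation date, so this is an approximation
#     that still works if the Security log has rolled over or been cleared.
$recentUsers = Get-LocalUser |
    Where-Object { $_.Enabled -and $_.PasswordLastSet -gt $cutoff } |
    Select-Object Name, PasswordLastSet, LastLogon

# 4. Who may log on over RDP: Remote Desktop Users and Administrators,
#    addressed by well-known SID so the check works on non-English systems.
$rdpMembers = foreach ($sid in 'S-1-5-32-555', 'S-1-5-32-544') {
    Get-LocalGroupMember -SID $sid -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'GroupSid'; e = { $sid } }, Name, PrincipalSource
}

# Summary object: anything unexpected here is a candidate for manual rollback.
[pscustomobject]@{
    RdpEnabled        = $rdpEnabled
    RdpPort           = $rdpPort
    InboundAllowRules = $fwRules
    AccountsCreated   = $created
    RecentLocalUsers  = $recentUsers
    RdpCapableMembers = $rdpMembers
} | Format-List
```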
