"Malware Opens RDP Backdoor Into Windows Systems"
Researchers at SentinelOne have discovered a new version of the Sarwent malware. Sarwent began as a loader for other malware but has recently gained additional capabilities. The new variant can execute commands through the Windows Command Prompt and PowerShell, and it can open a Remote Desktop Protocol (RDP) backdoor so that the attackers can return to a compromised system later: it creates a new Windows user account, enables RDP for that account, and modifies the Windows Firewall so that inbound RDP connections to the infected machine are allowed. Removing the malware itself does not close this hole. The user account the malware created must be deleted and the firewall rule that exposes RDP must be removed as well.
Help Net Security reports: "Malware Opens RDP Backdoor Into Windows Systems"
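The persistence described above (a planted local account, RDP switched on, a firewall rule opening the port) leaves artifacts an administrator can enumerate and undo. The PowerShell below is an added example, not code from the article or from SentinelOne's research. It assumes an elevated session on Windows 10 / Server 2016 or later (the NetSecurity and Microsoft.PowerShell.LocalAccounts modules), and the function names `Get-RdpExposure` and `Remove-RdpBackdoor` are mine. The article does not name the account Sarwent creates, so the audit lists candidate accounts and rules instead of guessing; the operator passes the names to remove explicitly.

```powershell
# Added audit/remediation helper, not from the article or SentinelOne's research.
# Assumes Windows 10 / Server 2016+ and an elevated PowerShell session.
# The account name the malware creates is not given in the article, so the audit
# lists what it finds; nothing is deleted without an explicit name.

function Get-RdpExposure {
    # 1. Is RDP enabled? fDenyTSConnections = 0 means incoming connections are allowed.
    $ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections
    $rdpEnabled = ($ts.fDenyTSConnections -eq 0)

    # 2. Which enabled inbound allow rules expose TCP/3389 (or every port)?
    $rdpRules = foreach ($rule in Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow) {
        $port = $rule | Get-NetFirewallPortFilter
        if ($port.Protocol -eq 'TCP' -and ($port.LocalPort -contains '3389' -or $port.LocalPort -contains 'Any')) {
            [pscustomobject]@{
                Name        = $rule.Name
                DisplayName = $rule.DisplayName
                Group       = $rule.Group
                LocalPort   = ($port.LocalPort -join ',')
            }
        }
    }

    # 3. Who can log in over RDP? Members of the two local groups that grant it.
    $rdpPrincipals = foreach ($g in 'Remote Desktop Users', 'Administrators') {
        Get-LocalGroupMember -Group $g -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Group'; e = { $g } }, Name, ObjectClass, PrincipalSource
    }

    # 4. Enabled local accounts, newest password-set first. Heuristic (my assumption):
    #    a freshly planted account has a recent PasswordLastSet and no earlier logon.
    $localUsers = Get-LocalUser | Where-Object Enabled |
        Select-Object Name, PasswordLastSet, LastLogon, Description |
        Sort-Object PasswordLastSet -Descending

    [pscustomobject]@{
        RdpEnabled           = $rdpEnabled
        TermServiceStatus    = (Get-Service TermService).Status
        InboundRdpRules      = $rdpRules
        RdpCapablePrincipals = $rdpPrincipals
        EnabledLocalUsers    = $localUsers
    }
}

function Remove-RdpBackdoor {
    # Explicit names only: the operator decides which account and rule were planted.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string[]]$UserName,
        [string[]]$FirewallRuleName,
        [switch]$DisableRdp
    )
    foreach ($u in $UserName) {
        if ($PSCmdlet.ShouldProcess($u, 'Remove local user')) {
            # Drop the RDP-granting group memberships first so nothing is left behind
            # if the account removal itself fails.
            foreach ($g in 'Remote Desktop Users', 'Administrators') {
                Remove-LocalGroupMember -Group $g -Member $u -ErrorAction SilentlyContinue
            }
            Remove-LocalUser -Name $u
        }
    }
    foreach ($r in $FirewallRuleName) {
        if ($PSCmdlet.ShouldProcess($r, 'Remove firewall rule')) {
            Remove-NetFirewallRule -Name $r
        }
    }
    if ($DisableRdp -and $PSCmdlet.ShouldProcess('Terminal Server', 'Set fDenyTSConnections = 1')) {
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 1
        # Turning RDP on also enables the built-in "Remote Desktop" rule group; turn it back off.
        Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
    }
}

# Usage: audit first, review the report, then remediate with the names you identified.
#   $report = Get-RdpExposure
#   $report.InboundRdpRules; $report.RdpCapablePrincipals; $report.EnabledLocalUsers
#   Remove-RdpBackdoor -UserName 'planted_user' -FirewallRuleName 'planted_rule' -DisableRdp -WhatIf
```

Run the audit with `-WhatIf` on the remediation first; `SupportsShouldProcess` makes every destructive step preview-only until the switch is dropped. Only pass `-DisableRdp` on hosts where RDP was not legitimately enabled before the infection, since that step disables the whole built-in Remote Desktop rule group, not just the rule the malware added.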