Hackers abuse legitimate RDP service to use fileless attack techniques for dropping multi-purpose off-the-shelf tools for device fingerprinting and to deploy malicious payloads ranging from ransomware to cryptocurrency miners. The Remote Desktop is the built-in feature with most of the Windows installation and it has built-in file-sharing functionality that is used by the attackers as an infection vector. Abusing Remote Desktop Server Feature The infection starts by abusing the feature of the Windows Remote Desktop Server in which the RDP client shares the virtual network file share location named “ tsclient ” of the connected computer. Attackers use these paths to create multiple-letter directory names. PC Drives According to Bitdefender researchers report , the attackers placed a malicious component of the attack named worker.exe located on the network share on the “tsclient” network location and it can be executed using explorer.exe or ...
The Hacks001 blog is the most popular, independent and trusted source for the latest news headlines on cybersecurity, hacking, computer security, cybercrime, privacy, vulnerabilities and technology for all businesses, information security professionals and hackers worldwide.