Security researchers say they’ve spotted a new version of the Sarwent malware that opens RDP (Remote Desktop Protocol) ports on infected computers so hackers could gain hands-on access to infected hosts.
Researchers from SentinelOne, who spotted this new version, believe the Sarwent operators are most likely preparing to sell access to these systems on the cybercrime underworld, a common method of monetizing RDP-capable hosts.
The Sarwent malware is a lesser-known backdoor trojan that has been around since 2018. In its previous versions, the malware contained a limited set of functionality, such as having the ability to download and install other malware on compromised computers.
Read more…
Source: ZDNet