- A new version of the Sarwent malware can open the Remote Desktop Protocol (RDP) port on target Windows computers to make sure that crooks can find their way back into the system through the backdoor.
- Affected users should know that removing the malware does not close that particular “backdoor”.
- Sarwent is a piece of malware that started out as a loader for other malware, but has recently been updated with two new functionalities:
- Execute commands via Windows Command Prompt and PowerShell
- Create a new Windows user account, enable the RDP service for it, and make changes to the Windows firewall so that RDP access to the infected machine is allowed
– Zeljka Zorj | May 26, 2020