The open source Windows debugging tool x64dbg has been impersonated by PlugX, also known as Korplug, a modular post-exploitation remote access trojan, in its latest attacks in a bid to evade detection, reports The Hacker News.
Threat actors can leverage the x64dbg file's valid digital signature to evade security systems and to facilitate privilege escalation, persistence, and bypass of file execution restrictions, according to a Trend Micro report.
Researchers also found that the debugger file has been used to deliver a UDP shell client backdoor that collects system information while waiting for further commands from the remote server.
"Despite advances in security technology, attackers continue to use [DLL side-loading] since it exploits a fundamental trust in legitimate applications. This technique will remain viable for attackers to deliver malware and gain access to sensitive information as long as systems and applications continue to trust and load dynamic libraries," said researchers.
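As an added illustration of the defensive side of the quote above (example code written for this summary, not from the article or Trend Micro's report): a small detection heuristic over constructed image-load events that flags the pattern described, a signed host executable loading an unsigned DLL from its own directory, and generalises to the common variant where a DLL carrying a well-known system DLL name is loaded from outside the Windows system directories. The event field names and the placeholder DLL name are assumptions.

```python
import ntpath

# Added example, not from the article or Trend Micro's report. Event field names
# below are assumptions; real sensors (Sysmon image-load events, EDR telemetry)
# expose equivalent fields under their own names.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Real Windows DLL names that side-loading commonly targets because many
# programs import them; a copy outside the system directories is suspicious.
COMMON_SYSTEM_DLLS = {"version.dll", "dbghelp.dll", "userenv.dll", "wininet.dll"}

# Constructed sample image-load events (not captured data).
EVENTS = [
    {"process": r"C:\Windows\System32\notepad.exe", "process_signed": True,
     "dll": r"C:\Windows\System32\kernel32.dll", "dll_signed": True},
    # Signed x64dbg binary loading an unsigned DLL that sits beside it (placeholder name).
    {"process": r"C:\Users\Public\Tools\x64dbg.exe", "process_signed": True,
     "dll": r"C:\Users\Public\Tools\PLACEHOLDER_sideloaded.dll", "dll_signed": False},
    {"process": r"C:\Program Files\App\app.exe", "process_signed": True,
     "dll": r"C:\Program Files\App\plugin.dll", "dll_signed": True},
    # A DLL with a well-known system name loaded from a user-writable folder.
    {"process": r"C:\Temp\host.exe", "process_signed": True,
     "dll": r"C:\Temp\version.dll", "dll_signed": True},
]

def _norm(path):
    return path.replace("/", "\\").lower()

def sideload_reasons(ev):
    """Return the list of heuristics that fire for one image-load event."""
    proc, dll = _norm(ev["process"]), _norm(ev["dll"])
    dll_dir = ntpath.dirname(dll) + "\\"
    in_system_dir = dll_dir.startswith(SYSTEM_DIRS)
    reasons = []
    # Rule 1: a trusted (signed) host loads an unsigned DLL from its own directory.
    if (ev["process_signed"] and not ev["dll_signed"] and not in_system_dir
            and dll_dir == ntpath.dirname(proc) + "\\"):
        reasons.append("unsigned_dll_beside_signed_host")
    # Rule 2: a DLL named like a system DLL is loaded from outside System32/SysWOW64.
    if ntpath.basename(dll) in COMMON_SYSTEM_DLLS and not in_system_dir:
        reasons.append("system_dll_name_outside_system_dir")
    return reasons

def find_sideloads(events):
    """Return one finding per event for which at least one heuristic fires."""
    return [{"process": ev["process"], "dll": ev["dll"], "reasons": r}
            for ev in events if (r := sideload_reasons(ev))]

if __name__ == "__main__":
    for finding in find_sideloads(EVENTS):
        print(finding)
```

Both rules are heuristics: a legitimate application that ships its own unsigned helper DLL will trip rule 1, so findings are triage leads to confirm against the host binary's publisher and the DLL's expected location, not verdicts.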