Recently, a new version of the Sarwent malware was released. This new version can open the RDP ports on Windows PCs, making them an easy target for hackers.
This is a serious threat to Windows PC users, and they are advised to be careful; some users have already been affected. Getting rid of the malware is one thing, but that doesn’t fix the problem with the RDP port: the machine can be targeted again and again.
What can the new Sarwent Malware do?
The Sarwent malware has been known as a backdoor that functioned as a malware loader in the past. Though it previously received little attention, newer updates show how dangerous the malware can be. The updates were mainly focused on RDP ports.
With the newer updates, the Sarwent malware can execute commands on Windows computers via PowerShell and the Windows Command Prompt (CMD). The malware can also create a new Windows user account and, with it, make changes that affect the computer’s firewall. All of this is to ensure smooth access to RDP.
As mentioned before, removing the malware still leaves the RDP ports vulnerable and the hackers can still launch an attack. Computer owners are advised to erase all user accounts created by the Sarwent malware and revert the RDP changes made in the firewall to fix the problem.
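One way to review a machine before deleting accounts or firewall rules as advised above, written as an added PowerShell example that is not part of the original article. It assumes an elevated session, that account-management auditing is enabled for step 2, and a 30-day look-back window (`$Days`, an assumed parameter); it only reports and changes nothing.

```powershell
# Added audit sketch, not from the original article. Read-only.
# $Days is an assumed look-back window; set it to cover the suspected infection date.
param([int]$Days = 30)
$since = (Get-Date).AddDays(-$Days)

# 1. Local accounts, newest password first (a fresh account has a recent PasswordLastSet).
Get-LocalUser |
    Sort-Object PasswordLastSet -Descending |
    Format-Table Name, Enabled, PasswordLastSet, LastLogon, Description -AutoSize

# 2. Account-creation events (Security log, event ID 4720) inside the window.
#    Empty output can also mean auditing was off or the log has rolled over.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720; StartTime = $since } `
        -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            TimeCreated = $evt.TimeCreated
            NewAccount  = $data['TargetUserName']
            CreatedBy   = $data['SubjectUserName']
        }
    } | Format-Table -AutoSize

# 3. Accounts that are allowed to log on over RDP.
foreach ($group in 'Remote Desktop Users', 'Administrators') {
    "Members of ${group}:"
    Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
        Format-Table Name, ObjectClass, PrincipalSource -AutoSize
}

# 4. RDP state and listening port. fDenyTSConnections = 0 means RDP is enabled.
$ts   = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$port = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp').PortNumber
"RDP enabled: {0}; listening port: {1}" -f ($ts.fDenyTSConnections -eq 0), $port

# 5. Enabled inbound allow rules that name the RDP port explicitly.
#    Rules you did not create and that are not in the built-in Remote Desktop
#    group are the ones to examine and, if unwanted, disable or remove.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    Format-Table Name, DisplayName, DisplayGroup, Profile -AutoSize
```

Rules that allow all ports or all protocols do not appear in step 5 and should be reviewed separately.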
Why Hackers are interested in RDP ports
With malware such as Sarwent, it is clear that hackers are taking more interest in attacking Windows computers via their Remote Desktop Protocol ports. They scan computers and servers looking for RDP vulnerabilities and then try to force their way in through the ports. The situation is linked to the COVID-19 pandemic, which the world is currently dealing with. As more and more companies have their workers work from home, the use of RDP has been high.