Researchers at Cybereason have uncovered a new malware called RdStealer, which specifically targets Windows systems using Remote Desktop Protocol (RDP). This malware is designed to pilfer sensitive information from drives shared over RDP connections. Once installed, RdStealer gains access to shared drives during an RDP session and proceeds to search for specific file extensions such as .doc, .xls, .pdf, and .zip. The stolen files are then compressed into a password-protected ZIP archive and sent to a remote server controlled by the attackers.
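The behaviour described above (reads of the listed extensions from RDP-shared drives, followed by a ZIP archive being written) can be turned into a simple correlation rule. The sketch below is an added example, not code from the researchers or the original article. It assumes file-access telemetry has already been normalised into `(time, process, operation, path)` tuples and relies on the standard `\\tsclient\` prefix under which Windows exposes redirected client drives. The sample events, process names, time window and threshold are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Extensions the article lists as the malware's targets.
TARGET_EXTS = {".doc", ".xls", ".pdf", ".zip"}
# Redirected client drives appear on the RDP host under this UNC prefix.
REDIRECT_PREFIX = "\\\\tsclient\\"
WINDOW = timedelta(minutes=5)  # assumed correlation window
MIN_READS = 3                  # assumed threshold; tune per environment

# Constructed sample events: (ISO time, process, operation, path).
EVENTS = [
    ("2024-01-10T09:00:01", "explorer.exe", "read", r"\\tsclient\C\Users\a\notes.txt"),
    ("2024-01-10T09:01:00", "winword.exe", "read", r"\\tsclient\C\Users\a\report.doc"),
    ("2024-01-10T09:02:10", "svc_helper.exe", "read", r"\\tsclient\C\Users\a\Budget.XLS"),
    ("2024-01-10T09:02:11", "svc_helper.exe", "read", r"\\tsclient\C\Users\a\contract.pdf"),
    ("2024-01-10T09:02:12", "svc_helper.exe", "read", r"\\tsclient\D\backup\keys.zip"),
    ("2024-01-10T09:02:40", "svc_helper.exe", "write", r"C:\ProgramData\cache\out.zip"),
    ("2024-01-10T09:03:00", "backup.exe", "read", r"C:\data\a.pdf"),
    ("2024-01-10T09:03:05", "backup.exe", "write", r"C:\data\b.zip"),
]

def ext(path):
    """Lower-cased file extension of a Windows path."""
    return PureWindowsPath(path).suffix.lower()

def is_targeted_read(op, path):
    """True for a read of a targeted extension from an RDP-redirected drive."""
    return (op == "read"
            and path.lower().startswith(REDIRECT_PREFIX)
            and ext(path) in TARGET_EXTS)

def detect(events):
    """Flag a process that reads >= MIN_READS targeted files from redirected
    drives and then writes a local .zip within WINDOW."""
    reads = defaultdict(list)  # process -> [(time, path)]
    alerts = []
    for ts, proc, op, path in sorted(events):
        t = datetime.fromisoformat(ts)
        if is_targeted_read(op, path):
            reads[proc].append((t, path))
        elif (op == "write" and ext(path) == ".zip"
              and not path.lower().startswith(REDIRECT_PREFIX)):
            recent = [p for rt, p in reads[proc] if t - rt <= WINDOW]
            if len(recent) >= MIN_READS:
                alerts.append({"process": proc, "archive": path, "files": recent})
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

File-access events alone cannot show that the archive is password-protected or that it was uploaded, so an alert from this rule is a lead to correlate with outbound network telemetry for the same process.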
The emergence of RdStealer highlights a significant threat to organizations that heavily rely on RDP for remote access. To combat this risk, the article suggests implementing robust security measures, including strong authentication mechanisms and multi-factor authentication. It also emphasizes the importance of user awareness and training to prevent initial infections, as attackers commonly exploit weak passwords and security misconfigurations to gain unauthorized access to RDP sessions. Heightened vigilance and security practices are crucial to protect against RdStealer and similar malware targeting shared drives over Remote Desktop.