The hijacking of x64dbg to load PlugX was discovered last month by Palo Alto Networks Unit 42, which discovered a new variant of the malware that hides malicious files on removable USB devices to propagate the infection to other Windows hosts. Persistence is achieved by changing the Windows Registry and setting up scheduled processes to maintain access. Trend Micro’s analysis also revealed the use of x32dbg.exe to deploy a backdoor, a User Datagram Protocol (UDP) shell client controlled by a remote server. “This technique will remain viable for attackers to deliver malware and gain access to sensitive information as long as systems and applications continue to trust and load dynamic libraries,” stated researchers.
https://thehackernews.com/2023/02/plugx-trojan-disguised-as-legitimate.html
