This stealthy malware can steal your files without you knowing


Bitdefender, one of the best antivirus software offerings around, has uncovered a worrying new malware that can extract sensitive information from an endpoint without the user ever finding out. 

Dubbed RDStealer, the malware has been used as part of an ongoing espionage operation against East Asian infrastructure since 2022, which Bitdefender believes is state-sponsored due to its sophistication. 

Although it failed to identify the specific culprit, Bitdefender believes that, “the target aligns with the interest of China-based threat actors.”

RDStealer malware

RDStealer is a server-side implant that monitors Remote Desktop Protocol (RDP) connections with client-drive mapping enabled. The RDP clients are infected with another custom malware called Logutil, a backdoor that helps to extract sensitive data, such as passwords and private keys. RDStealer can also keylog and capture clipboard content.

Bitdefender also claims that this campaign is more advanced than typical DLL Sideloading attacks: "Multiple DLL libraries are chained together... chosen locations blend well into the system, and the sideloading process itself is initiated through the clever utilization of the WMI subsystem." 

Both RDStealer and Logutil are written in Go, a cross-platform programming language, which means the malware can work on multiple operating systems. Bitdefender says it found references to both Linux and ESXi when analyzing domains connected to the attack, "indicating that the Logutil backdoor is a multiplatform tool."

The company also noted that although the concept behind the attack method has been known for a while, this is the first time malware utilizing it has been seen in the wild. It is concerned about the malware's ability to be used across a wide variety of platforms with minimal or no modification, and about the post-pandemic prevalence of remote desktop solutions.

To avoid detection, the threat actors injected the malware into folders that are commonly excluded from malware scanning software, such as '%WinDir%\System32\' and '%WinDir%\security\database'. 

Bitdefender posits that threat actors may have chosen this latter location in anticipation of administrators excluding it entirely from security scans, since Microsoft provides specific guidance on omitting certain files within this folder from such scans. 
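As an added defender-side example (not Bitdefender's code or anything from the article), this PowerShell audit checks a Windows host for the two conditions described above: whether RDP client-drive mapping is still permitted by policy (read from the standard fDisableCdm policy value) and whether any Microsoft Defender path exclusion covers the two folders named in the article.

```powershell
# Added example, not from the article or Bitdefender's report. Audits a Windows host for
# (1) RDP client-drive redirection being allowed and (2) Defender scan exclusions that
# cover the folders RDStealer was planted in. Needs the Defender module; run elevated.

# Folders the article names as commonly excluded from scanning.
$WatchedFolders = @(
    "$env:WinDir\System32",
    "$env:WinDir\security\database"
)

function Test-DriveRedirectionAllowed {
    # fDisableCdm = 1 means the "Do not allow drive redirection" policy is enforced.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $val = Get-ItemProperty -Path $key -Name fDisableCdm -ErrorAction SilentlyContinue
    return (-not $val) -or ($val.fDisableCdm -ne 1)
}

function Get-RiskyExclusions {
    param([string[]]$Folders)
    $excl = @((Get-MpPreference).ExclusionPath) | Where-Object { $_ }
    foreach ($e in $excl) {
        # Expand %WinDir%-style variables so '%WinDir%\...' and 'C:\Windows\...' compare equal.
        $expanded = [Environment]::ExpandEnvironmentVariables($e).TrimEnd('\')
        foreach ($f in $Folders) {
            $target = $f.TrimEnd('\')
            # Flag an exclusion that is the watched folder itself or one of its parents.
            $isSelf   = $target.Equals($expanded, [StringComparison]::OrdinalIgnoreCase)
            $isParent = $target.StartsWith("$expanded\", [StringComparison]::OrdinalIgnoreCase)
            if ($isSelf -or $isParent) {
                [pscustomobject]@{ Exclusion = $e; Covers = $f }
            }
        }
    }
}

if (Test-DriveRedirectionAllowed) {
    Write-Warning 'RDP client drive redirection is not disabled by policy.'
}
$hits = Get-RiskyExclusions -Folders $WatchedFolders
if ($hits) { $hits | Format-Table -AutoSize }
else { Write-Output 'No Defender path exclusions cover the watched folders.' }
```

A hit does not mean compromise; it means the folder would be skipped by Defender scans, which is exactly the condition the article says the attackers counted on.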

"This attack serves as a testament to the increasing sophistication of modern cyberattacks, but also underscores the fact that threat actors can leverage their newfound sophistication to exploit older, widely adopted technologies," Bitdefender concludes.

In order to stay protected, the company suggests using a "defense-in-depth architecture [which] involves employing multiple layers of overlapping security measures that are designed to protect against a variety of threats."

"The use of multiple layers of security creates overlapping barriers that an attacker must overcome, which can reduce the likelihood of successful attacks, limit the scope of an attack if one occurs, and provide early warning of potential threats."

Lewis Maddison
Reviews Writer