
What Is RDPPatcher?

Cyber attacks are far more common now than they were a few years ago, which has security researchers concerned. Experts are warning about a new major threat, dubbed RDPPatcher. In fact, it appears criminals use this method of selling remote access to hacked computers as a way to earn a lot of money through darknet marketplaces. It is high time we take a look at what exactly RDPPatcher is.

RDPPatcher Is A Big Problem

Criminals are installing malware through Remote Desktop Protocol (RDP) connections. Thousands of infection attempts are recorded every single day, which is of particular concern to security experts. Considering how many enterprises rely on Remote Desktop Protocol connections, this technology can leave millions of computers vulnerable to attack.

To make matters worse, it appears criminals have started to use these remote connections as a way to provide others with access to vulnerable computer systems. To be more precise, the new wave of RDP attacks aims to sniff out point of sale terminals and ATMs, indicating RDPPatcher is a major threat to the banking sector. Attacking these terminals and ATMs can be done over the internet in an anonymous manner, making them high-value targets for hackers.

One of the most recent RDPPatcher attacks took place in January 2017, although it is believed the attack was initiated two months prior. Criminals obtained the correct credentials to infiltrate a bank network by using a brute force attack. Once they gained entry to the internal system, they began distributing malware, which was eventually blocked by Adaptive Defense. Despite modifications made to the malware being injected, the bank’s security software successfully thwarted further attacks.


As one would expect from a malicious tool such as RDPPatcher, it is designed to gather as much information about the infected device as possible. The developers collect this information, which is transmitted to a command and control server. It also determines which antivirus solution is present on the computer, yet does not try to turn it off by any means. Unfortunately, this is only a glimpse of what this malicious tool is capable of.  

What is of real concern about the RDPPatcher process is how the information gathered is used as an advertisement tool. Criminals will advertise that they have access to this specific device on various darknet forums, in the hope that someone will pay them to abuse the infected system. Since no credential or data theft takes place while RDPPatcher gathers its information, this unauthorized access will not be detected anytime soon.

When criminals provide remote access to vulnerable systems as a service, things are evolving in the wrong direction. Unfortunately, it is virtually impossible for security companies to do anything about RDPPatcher in its current state, as very little is known about the tool itself. Anyone who successfully infiltrates a system can make a lot of money from “reselling” the login credentials to a more sophisticated hacker group. A very troublesome development, that much is certain.


JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Published by
JP Buntinx
