PlugX RAT masquerades as legit Windows debugger to slip past security

According to a report dated March 1, 2023, the PlugX Trojan, a post-exploit implant that has been around since 2008, is being used by cybercriminals to gain remote access to specific systems. 

In a recent attack, criminals used a variant of PlugX to hijack the open source debugging tool x64dbg. This technique, called DLL side-loading, would allow PlugX to load a malicious payload after hijacking the trusted and digitally signed software application. 

Even with more advanced security tools, attackers continue to use this technique because it exploits trust in legitimate applications. It would appear that this technique remains viable for attackers as long as systems and applications continue to trust and load dynamic libraries. 

Read more about it : here