Threat actors are exploiting security flaws in remote desktop applications such as Sunlogin and AweSun to spread the PlugX virus.
According to a fresh investigation by the Security Emergency Response Center at AhnLab (ASEC), the vulnerabilities are still being exploited to deliver different payloads to vulnerable systems. These include the XMRig bitcoin miner, the Gh0st RAT, the Sliver post-exploitation framework, and the Paradise ransomware. The most recent addition to this list is PlugX.