A new version of the Sarwent malware can open the Remote Desktop Protocol (RDP) port on target Windows computers to make sure that crooks can find their way back into the system through the backdoor. Whether that access is used later by the same crooks or sold to ransomware gangs or cyber espionage groups is unknown, but affected users should know that removing the malware does not close that particular “backdoor”. Sarwent is a piece of malware that started out as a loader for other malware, but has recently been updated with two new functionalities, SentinelOne researchers discovered.
Source: Helpnetsecurity