Security research has identified malware that opens Remote Desktop ports in the firewall. With the RDP (Remote Desktop) ports open, it becomes easier for attackers to abuse RDP access later.
The Sarwent malware has been in use since 2018. In early 2020 Vitali Kremez tweeted about Sarwent, but little information about the malware is available on the internet.
How Sarwent is distributed is not fully known; it is suspected that Sarwent is spread by other malware, possibly within botnets.
What is known about Sarwent is that, after infection, the malware creates a new Windows user account on the computer and opens RDP port 3389 on the computer and in the firewall. RDP is probably opened so that the infected computer can be accessed through the newly created Windows user account.
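The two behaviours described above (a new local account plus an inbound rule for port 3389) can be correlated per host. The following is an added detection sketch, not code from the original article: the events are constructed samples, and the normalized field names (`host`, `time`, `id`, `user`, `direction`, `action`, `ports`) and the 10-minute window are assumptions; event IDs 4720 and 2004 are the standard Windows account-creation and firewall-rule-added events.

```python
from datetime import datetime, timedelta

RDP_PORT = 3389
ACCOUNT_CREATED = 4720  # Security log: a user account was created
FW_RULE_ADDED = 2004    # Firewall log: a rule was added to the exception list

# Constructed sample events, already normalized to dicts (field names are assumptions).
EVENTS = [
    {"host": "ws-01", "time": "2020-05-20T10:00:05", "id": 4720, "user": "svc_helper"},
    {"host": "ws-01", "time": "2020-05-20T10:00:40", "id": 2004,
     "direction": "in", "action": "allow", "ports": "3389"},
    {"host": "ws-02", "time": "2020-05-20T09:00:00", "id": 4720, "user": "intern7"},
    {"host": "ws-02", "time": "2020-05-20T15:30:00", "id": 2004,
     "direction": "in", "action": "allow", "ports": "3380-3390"},
    {"host": "ws-03", "time": "2020-05-20T11:00:00", "id": 4720, "user": "tmpadmin"},
    {"host": "ws-03", "time": "2020-05-20T11:01:00", "id": 2004,
     "direction": "in", "action": "allow", "ports": "80,443"},
]

def covers_rdp(ports):
    """True if a port spec ('3389', '80,3389', '3380-3390', 'any') includes 3389."""
    for part in ports.split(","):
        lo, _, hi = part.strip().partition("-")
        if lo.lower() == "any":
            return True
        if lo.isdigit() and int(lo) <= RDP_PORT <= int(hi if hi.isdigit() else lo):
            return True
    return False

def correlate(events, window=timedelta(minutes=10)):
    """Return (host, user, seconds_apart) where an account creation and an inbound
    allow rule covering 3389 occur on the same host within `window`."""
    created, opened, hits = [], [], []
    for e in events:
        t = datetime.fromisoformat(e["time"])
        if e["id"] == ACCOUNT_CREATED:
            created.append((e["host"], t, e["user"]))
        elif (e["id"] == FW_RULE_ADDED and e.get("direction") == "in"
              and e.get("action") == "allow" and covers_rdp(e.get("ports", ""))):
            opened.append((e["host"], t))
    for host, t_user, user in created:
        for fw_host, t_fw in opened:
            gap = abs((t_fw - t_user).total_seconds())
            if host == fw_host and gap <= window.total_seconds():
                hits.append((host, user, int(gap)))
    return hits

if __name__ == "__main__":
    print(correlate(EVENTS))
```

Only `ws-01` is flagged: on `ws-02` the two events are hours apart, and on `ws-03` the new rule does not cover port 3389.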
IP addresses, MD5 hashes, and domains associated with Sarwent are known; these details are distributed as IOCs (indicators of compromise) so that companies can detect Sarwent.