Behind Closed Doors: The Rise of Hidden Malicious Remote Access

Cybereason analyzes the emergence and abuse of hidden remote-access techniques — hidden VNC (hVNC) and hidden RDP (hRDP) — as integrated features in modern RATs (Xeno, XWorm, Venom, Pandora). The report demonstrates how attackers create invisible desktops or covert RDP sessions to maintain stealthy persistence, perform data exfiltration and lateral movement, documents behavioral indicators (process injection, multiple explorer.exe instances, unusual command-line flags, unexpected RDP users), shows marketplace availability of these tools, and recommends detection and prevention controls using EDR, behavioral analytics, and application/variant/fileless protection.