Hunters International Group Hunts IT Workers with 'SharpRhino' - New Backdoor Malware

  • Published: 10 Sep 2024
  • Researchers have uncovered that the Hunters International cybercrime syndicate behind several major attacks is now leveraging a malicious tool called SharpRhino to specifically target IT professionals.
    According to analysis from security experts at Quorum Cyber, SharpRhino functions as a remote access Trojan programmed in C# that's designed to help Hunters International breach corporate networks. It allows them to achieve an initial foothold on infected systems, elevate privileges, execute PowerShell commands, and eventually deploy their ransomware payload.
    SharpRhino is being distributed through a website impersonating the legitimate open-source network scanning tool Angry IP Scanner. This typosquatting domain likely lures IT workers who regularly use such utilities into unintentionally downloading the trojanized installer containing the RAT.
    Once installed, SharpRhino establishes persistence on Windows through registry modifications. It then drops batch files to compile the C# code directly in memory, avoiding common malware detection techniques. The malware is also capable of retrieving and running additional commands over its hardcoded command-and-control infrastructure.
    #Huntersinternational #SharpRhino #malware #backdoor #news #technews #cyberattack #cybersecurity