Ransomware gang targets IT workers with new RAT masquerading as IP scanner

2024-08-06 13:25

Ransomware-as-a-service outfit Hunters International is wielding a new remote access trojan.

Angry IP Scanner is an IP address and port scanner, and as such is more likely to be downloaded and used by IT workers.

The SharpRhino RAT. The name of the malicious file containing the RAT - ipscan-3.9.1-setup.

The file is a NSIS installer, which modifies a Windows registry for persistence and creates a shortcut to Microsoft.

The malware also establishes two directories with identical files, enabling attackers to send commands to the RAT even if one of the directories is found and deleted.

"So far, Hunters International has claimed responsibility for 134 attacks in the first seven months of 2024. Typical of ransomware operators, Hunters International exfiltrates data from victim organisations prior to encrypting files, changing file extensions to.locked, and leaving a README message guiding recipients to a chat portal on the TOR network for payment instructions," the researchers noted.

News URL

https://www.helpnetsecurity.com/2024/08/06/ransomware-targets-it-workers/

#ransomware #RAT