The malware, dubbed SharpRhino, is hidden in a fake version of the popular scanning tool Angry IP Scanner, posted on typo-squatted sites with slightly misspelled URLs. This malware was discovered by Quorum Cyber and has been active since mid-June. Once executed, it alters registry settings, sets up command and control systems, encrypts files, and propagates ransomware threats through the network.
Quorum Cyber's analysts strongly suspect this malware is associated with Hunters International, a ransomware-as-a-service gang first identified in October last year. The gang has quickly risen to become one of the most detected ransomware threats, utilizing sophisticated tactics and malware deployment strategies to infiltrate systems and demand ransom payments.
Collection
[
|
...
]