A ransomware group that goes by the name of Hunter International is targeting IT workers with SharpRhino. SharpRhino is a new remote access trojan coded in C# that sets up persistence and gets remote access to the corporate networks. It gains elevated permissions to ensure the attacker can continue their activities with minimal interference.
The malware opens an entry point for the hunters where after the initial infection, they start gaining and elevating the privileges on compromised systems, execute PowerShell commands, and eventually deploy the ransomware payload.
This new malware was found by the cyber researcher group – Quorum, which noted that it spreads via a typosquatting site which is an impersonation of the actual site. Typosquatting makes use of typos that lead the user to an imposter website hosted on a similar-sounding domain (gooogle.com instead of google.com) which is a lookalike of the original one. Hunters International is a ransomware operation that was launched in 2023 and is possibly a rebranding of Hive due to the resemblance in the coding structure.
The threat group has listed 134 organizations worldwide where they plan to attack or have already executed their plans. It ranks 10th among the most active groups in the space.
What is SharpRhino RAT?
RATs stand for Remote Access Trojan. It is a malicious software that lets attackers in on an infected computer via remote access. It is most suitable for stealing sensitive data, editing files, and carrying out other sinister activities without getting noticed. RATs are best for data theft and carrying out cybercrimes such as deploying malware.
SharpRhino spreads as a virtually signed 32-bit installer containing a self-extracting password-protected 7z archive with additional files to perform the infection.
For more updates on the cyber world, keep reading Cyber Technology Insights.