
Fake Advanced IP Scanner Installer Delivers Dangerous Backdoor

Published 06/06/2024 12:27 · Modified 06/06/2024 12:36


Essential information

Tags
2024-06-06 backdoor cobaltstrike malicious-installer supply-chain typosquatting
Related entities
11 observables, 11 techniques (mitre), 1 malware

Description

Security researchers discovered a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. The compromised installer was distributed through a typo-squatted domain and appeared in search results for the legitimate software. When executed, the installer injected a beacon, a powerful remote access tool often used by threat actors, into a newly created process. This allowed the attackers to maintain control over the compromised system and potentially move laterally within the network.
