Fake Advanced IP Scanner Installer Delivers Dangerous Backdoor
Essential information
- Published: 06/06/2024 12:27
- Modified: 06/06/2024 12:36
- Tags: 2024-06-06 backdoor cobaltstrike malicious-installer supply-chain typosquatting
- Related entities: 11 observables, 11 techniques (mitre), 1 malware
Description
Security researchers discovered a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. The compromised installer was distributed through a typo-squatted domain and appeared in search results for the legitimate software. When executed, the installer injected a Cobalt Strike beacon, a powerful remote access tool often used by threat actors, into a newly created process. This allowed the attackers to maintain control over the compromised system and potentially move laterally within the network.