Hunters International, a ransomware group thought to be a rebrand of Hive, now uses SharpRhino malware against IT professionals. This C# remote access trojan (RAT) helps the group gain access, escalate privileges, and run PowerShell commands to deploy ransomware on corporate networks. SharpRhino spreads through a site that mimics the Angry IP Scanner tool, tricking IT workers into downloading a malicious installer.
Once installed, SharpRhino modifies the Windows registry to establish persistence and uses PowerShell scripts for execution. Its ability to mimic legitimate tools shows a new strategy targeting IT workers. To protect against these threats, avoid suspicious download links, use ad blockers, and bookmark official sites. Organizations should establish backup plans, segment networks, and keep software updated to reduce ransomware risks.