Attacks with the newly emergent Betruger multi-function backdoor have been launched by a RansomHub ransomware-as-a-service affiliate, according to BleepingComputer.

Threat actors have leveraged fake mailing-related apps to facilitate the distribution of Betruger, which has been integrated with network scanning, keylogging, privilege escalation, credential dumping, and other capabilities prevalent in tools often distributed prior to ransomware deployment, a report from Symantec's Threat Hunter Team revealed. "The functionality of Betruger indicates that it may have been developed in order to minimize the number of new tools dropped on a targeted network while a ransomware attack is being prepared," said researchers.

Such a development comes as RansomHub has gained notoriety as one of the most prolific threat operations during the past year despite only emerging in February 2024, having targeted more than 200 organizations including U.S. telecommunications firm Frontier Communications, major oil services provider Halliburton, leading drugstore chain Rite Aid, and major U.S. substance use disorder and mental health disorder treatment provider BayMark Health Services.
Ransomware
Novel Betruger backdoor deployed by RansomHub affiliate
