Threat actors have developed a backdoored version of the legitimate network scanning tool Advanced IP Scanner. Named AdvancedIPSpyware, the tool has already infected more than 80 organizations.
Advanced IP Scanner is usually used by network admins to monitor an organization’s network. However, threat actors created a malicious version of this tool containing a hidden backdoor for malicious operations.
- This malicious software was hosted on two websites created using typosquatted domains that were identical to the legitimate domain hosting Advanced IP Scanner.
- The backdoored binary was also signed with a genuine certificate, which was most likely stolen from a genuine vendor.
- Since the genuine tool uses anonymization, it is difficult to locate the organizations using the infected version of this tool.
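Because the backdoored binary carried a valid signature, the download host is one of the few signals left to check. The following is an added example, not code from the original article: it flags executable downloads from hosts that are near-misses of a trusted vendor domain, and the allowlist, domains and proxy log lines are all constructed placeholders.

```python
# Added example: flag executable downloads from hosts that look like a trusted vendor domain.
# Every domain and log line here is a constructed placeholder, not an indicator from the article.
TRUSTED = {"vendor-scanner.example"}  # hypothetical allowlist of official download hosts

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host: str, max_dist: int = 2):
    """Return ('trusted' | 'lookalike' | 'other', matched trusted domain or None)."""
    h = host.lower().rstrip(".")
    if h.startswith("www."):
        h = h[4:]
    if h in TRUSTED:
        return "trusted", h
    for t in TRUSTED:
        if osa_distance(h, t) <= max_dist:
            return "lookalike", t
    return "other", None

def flag_downloads(log_lines):
    """Return (client, host, path) for installer downloads served by lookalike hosts."""
    hits = []
    for line in log_lines:
        client, host, path = line.split()[:3]
        if path.lower().endswith((".exe", ".msi")) and classify(host)[0] == "lookalike":
            hits.append((client, host, path))
    return hits

SAMPLE_LOG = [  # constructed proxy log, fields: client host path
    "10.0.0.5 www.vendor-scanner.example /dl/setup.exe",
    "10.0.0.7 vendor-scaner.example /dl/setup.exe",
    "10.0.0.9 vendor-scannre.example /dl/setup.exe",
    "10.0.0.9 updates.other.example /pkg/tool.msi",
]

if __name__ == "__main__":
    for hit in flag_downloads(SAMPLE_LOG):
        print("lookalike download:", *hit)
```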