Symantec researchers have identified a custom backdoor, named Betruger, linked to an affiliate of the RansomHub operation in recent ransomware attacks.
Betruger is a multi-function backdoor built for ransomware operations: it bundles capabilities that would normally require several separate tools, including screenshot capture, credential theft, keystroke logging, network scanning, and privilege escalation, into a single payload, so an attacker has to drop fewer binaries on a compromised host and presents fewer opportunities for detection.
The backdoor was deployed under the file names 'mailer.exe' and 'turbomailer.exe' to pass as a legitimate mailing application, although it contains no mail-related functionality at all.
RansomHub, operated by the cybercrime group Symantec tracks as Greenbottle, has grown into one of the most prolific ransomware-as-a-service operations, drawing affiliates away from rival programs by offering more favorable terms, notably a larger share of each ransom payment.