THREATNOIR
Subscribe
Back to Feed
MalwareMay 12, 2026

"EtherRAT was installed via a malicious MSI [...] then deployed The Gentlemen ransomware" Already...

EtherRAT remote access trojan deployed via malicious MSI installer before delivering The Gentlemen ransomware.

Read at source

Summary

Security researchers discovered EtherRAT, a remote access trojan, being delivered through malicious MSI (Windows Installer) packages, which subsequently deployed The Gentlemen ransomware. The samples were shared with security community members in April and additional variants are reportedly in circulation. This represents a multi-stage attack chain combining initial access and lateral movement with ransomware deployment.

Indicators of Compromise

  • malware — EtherRAT
  • malware — The Gentlemen

Entities

Windows Installer (MSI) (technology)