1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This Windows malware is now evolving to target Linux systems

    From TechnologyDaily@1337:1/100 to All on Tue Sep 24 19:45:05 2024
    This Windows malware is now evolving to target Linux systems

    Date:
    Tue, 24 Sep 2024 18:34:00 +0000

    Description:
    A new version of the Mallox ransomware was recently spotted and this one can go after Linux endpoints.

    FULL STORY ======================================================================

    Hackers have modified the infamous Mallox ransomware to also target Linux systems , experts have claimed.

    The new version is called Mallox Linux 1.0, and was recently discovered by cybersecurity researchers SentinelLabs, after Malloxs operators mistakenly leaked their tools.

    The analysis of the tool led the researchers to conclude that Mallox Linux
    1.0 is actually a rebrand of the Kryptina encryptor. Kryptina was built last year by a threat actor alias Corlys, who tried to rent the tool for roughly $800. However, since the cybercriminal community did not show much interest
    in the tool, Corlys shared it for free, in hopes that someone might pick it up. TargetCompany

    Now, it seems Mallox did, since the new variant uses Kryptinas source code, the same encryption mechanism (AES-256-CBC), and the same decryption
    routines. Furthermore, it uses the same command-line builder and
    configuration parameters, too. Therefore, Mallox devs only changed the name and appearance of the encryptor, and removed any mention of Kryptina from the documents. Everything else is left unchanged.

    For now, there is no word on potential victims, but in their analysis, researchers from Kaspersky said Mallox affiliates do not restrict their activities to a specific country. Instead, they attack vulnerable companies wherever they are. However, the majority of the firms struck by a variant of Mallox are located in either Brazil, Vietnam, or China.

    The ransomware is also known as Fargo, or TargetCompany, and has been active in one form or another since June 2021. At first, it was targeting mostly unsecured MS-SQL servers, Sekoia found. Another Mallox hallmark is to
    threaten the victims, especially those in the European Union, about potential GDPR violations.

    Between October 2022 and March 2023, its affiliates stole data from at least 20 organizations.

    Via BleepingComputer More from TechRadar Pro Visa warns dangerous new
    malware is attacking financial firms Here's a list of the best firewall software around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-windows-malware-is-now-evolving-to -target-linux-systems


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)