1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This dangerous new Linux malware is going after VMware systems wi

    From TechnologyDaily@1337:1/100 to All on Mon Jul 22 18:30:04 2024
    This dangerous new Linux malware is going after VMware systems with multiple extortion attempts

    Date:
    Mon, 22 Jul 2024 18:19:03 +0000

    Description:
    Play ransomware observed expanding its victim pool and improving its negotiation position.

    FULL STORY ======================================================================

    Cybersecurity researchers from Trend Micro recently found a Linux variant of the dreaded Play ransomware strain targeting VMWare ESXi environments.

    In a technical breakdown, Trend Micros Threat Hunting team said this was the first time Play was seen targeting ESXi environments, and it could be that
    the criminals are broadening their attacks across the Linux platform, giving them an expanded victim pool and more successful ransom negotiations.

    Play was first spotted more than two years ago, and since then it became popular for its double-extortion tactics, evasion techniques, custom-built tools, and a substantial impact on companies in Latin America, the
    researchers explained. Prolific Puma and Revolver Rabbit

    Businesses usually use VMWares ESXi instances for virtual machines, where
    they host critical applications, data, and integrated backup solutions. By targeting these endpoints, Plays operators could reduce the chances of the victim recovering any encrypted data. Therefore, their negotiation position becomes that much better. Besides going after Linux endpoints, the new
    variant was also able to successfully evade security detections, Trend Micro added.

    Analyzing the infrastructure used for these campaigns, the researchers found
    a peculiarity - the URL used to host the encryptor is related to a threat actor known as Prolific Puma. This group is known for offering URL-shortening services to criminals, making phishing attacks more convincing, and thus,
    more disruptive.

    In late 2023, researchers Infoblox discovered a major link-shortening operation in which the criminals would use a registered domain generation algorithm (RDGA) to create domain names in bulk. Then, they would use those domains to provide a link-shortening service to other malicious actors.

    Earlier this month, the same company found a threat actor called Revolver Rabbit using RDGAs to register more than 500,000 domains, an effort on which they spent more than a million dollars. The hacker used the RDGA to create command and control (C2) and decoy domains for the XLoader infostealing malware.

    Via The Hacker News More from TechRadar Pro Criminals are spending millions on malicious domains and it's paying off for them in a big way Here's a list of the best malware removal tools around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-dangerous-new-linux-malware-is-goi ng-after-vmware-systems-with-multiple-extortion-attempts


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)