Subj : This Windows malware is now evolving to target Linux systems
To   : All
From : TechnologyDaily
Date : Tue Sep 24 2024 19:45:05

This Windows malware is now evolving to target Linux systems

Date:
Tue, 24 Sep 2024 18:34:00 +0000

Description:
A new version of the Mallox ransomware was recently spotted and this one can 
go after Linux endpoints.

FULL STORY
======================================================================

Hackers have modified the infamous Mallox ransomware to also target Linux 
systems , experts have claimed. 

The new version is called Mallox Linux 1.0, and was recently discovered by 
cybersecurity researchers SentinelLabs, after Malloxs operators mistakenly 
leaked their tools. 

The analysis of the tool led the researchers to conclude that Mallox Linux 
1.0 is actually a rebrand of the Kryptina encryptor. Kryptina was built last 
year by a threat actor alias Corlys, who tried to rent the tool for roughly 
$800. However, since the cybercriminal community did not show much interest 
in the tool, Corlys shared it for free, in hopes that someone might pick it 
up. TargetCompany 

Now, it seems Mallox did, since the new variant uses Kryptinas source code, 
the same encryption mechanism (AES-256-CBC), and the same decryption 
routines. Furthermore, it uses the same command-line builder and 
configuration parameters, too. Therefore, Mallox devs only changed the name 
and appearance of the encryptor, and removed any mention of Kryptina from the 
documents. Everything else is left unchanged. 

For now, there is no word on potential victims, but in their analysis, 
researchers from Kaspersky said Mallox affiliates do not restrict their 
activities to a specific country. Instead, they attack vulnerable companies 
wherever they are. However, the majority of the firms struck by a variant of 
Mallox are located in either Brazil, Vietnam, or China. 

The ransomware is also known as Fargo, or TargetCompany, and has been active 
in one form or another since June 2021. At first, it was targeting mostly 
unsecured MS-SQL servers, Sekoia found. Another Mallox hallmark is to 
threaten the victims, especially those in the European Union, about potential 
GDPR violations. 

Between October 2022 and March 2023, its affiliates stole data from at least 
20 organizations. 

 Via BleepingComputer More from TechRadar Pro Visa warns dangerous new 
malware is attacking financial firms Here's a list of the best firewall 
software around today These are the best endpoint security tools right now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-windows-malware-is-now-evolving-to
-target-linux-systems


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.