Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide.
In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the first half of 2024, the malware was still being actively developed, with new versions being released several times a month, while the Mallox RaaS affiliate program advertised on dark web forums was seeking new partners. This article aims to provide a comprehensive technical overview of the ransomware and its history.
Read more…
Source: Kaspersky
Related:
- GoldenEye Dog(APT-Q-27) gang’s recent use of “Silver Fox” Trojan stealing activities
June 6, 2025
GoldenEyeDog (tracked internally as APT-Q-27 by Qi’anxin) is a hacking group targeting people involved in gaming and dog-pushing in Southeast Asia, as well as the overseas Chinese community, with a range of business activities including remote control, mining, DDoS attacks, etc. It is related to a larger attack group tracked by Qi’anxin, the Miuuti Group. The ...
- Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721
June 6, 2025
The abuse of known security flaws to deploy bots on vulnerable systems is a widely recognized problem. Many automated bots constantly search the web for known vulnerabilities in servers and devices connected to the internet, especially those running popular services. These bots often carry Remote Code Execution (RCE) exploits targeting HTTP services, allowing attackers to embed ...
- Texas: Drivers’ data compromised in TxDOT data breach of nearly 300,000 crash reports
June 6, 2025
The Texas Department of Transportation said it is reaching out to Texans whose personal data was compromised during a data breach that led to the improper download of nearly 300,000 crash reports. Personal data included in crash reports includes: full names, mailing and/or physical addresses, driver license numbers, license plate numbers, car insurance policy numbers and ...
- Fake DocuSign and Gitcode sites are tricking victims into downloading malware
June 5, 2025
Security researchers have found fake Gitcode and DocuSign websites distributing remote access trojan (RAT) malware using the infamous ClickFix method. Experts from DomainTools Investigations (DTI) found “malicious multi-stage downloader Powershell scripts” hosted on spoofed websites inviting visitors to pull up the Windows Run terminal and run a script copied into their clipboard. “Upon doing so, the ...
- Ransomware hiding in fake AI, business tools
June 5, 2025
Artificial intelligence (AI) and small business tools are being abused as smokescreens to hit unsuspecting victims with ransomware. In the masquerade campaigns discovered by Cisco Talos, cybercriminals hid malware behind software and install packages that mimicked the websites or names of the lead monetization service Nova Leads, the enormously popular Chat GPT, and an AI-empowered video ...
- Ransomware gang claims responsibility for Kettering Health hack
June 4, 2025
A ransomware gang claimed responsibility for the hack on Kettering Health, a network of hospitals, clinics, and medical centers in Ohio. The healthcare system is still recovering two weeks after the ransomware attack forced it to shut down all its computer systems. Interlock, a relatively new ransomware group that has targeted healthcare organizations in the U.S. ...