Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide.
In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the first half of 2024, the malware was still being actively developed, with new versions being released several times a month, while the Mallox RaaS affiliate program advertised on dark web forums was seeking new partners. This article aims to provide a comprehensive technical overview of the ransomware and its history.
Read more…
Source: Kaspersky
Related:
- VCURMS: A Simple and Functional Weapon
March 12, 2024
Recently, FortiGuard Labs uncovered a phishing campaign that entices users to download a malicious Java downloader with the intention of spreading new VCURMS and STRRAT remote access trojans (RAT). The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid detection of the malware. The attacker attempts ...
- French state services hit by cyberattacks of ‘unprecedented intensity’
March 11, 2024
The latest cyberattack to hit France follows a warning from Attal’s defence adviser just last week that the Olympics games in July and European Parliament elections in June could be “significant targets”. Prime Minister Gabriel Attal’s office said several state bodies were targeted but did not provide details. “Many ministerial services were targeted” from Sunday “using ...
- Russia’s spy service accuses US of trying to meddle in presidential election
March 11, 2024
President Vladimir Putin’s foreign intelligence service on Monday accused the United States of trying to meddle in Russia’s presidential election and said that Washington even had plans to launch a cyber attack on the online voting system. Putin, who is almost certain to win the March 15-17 presidential election, has warned the West that any attempts ...
- Third-Party Breach and Missing MFA Contributed to British Library Cyber-Attack
March 11, 2024
The British Library ransomware attack was likely caused by the compromise of third-party credentials coupled with no multifactor authentication (MFA) in place to stop the attackers, despite previous warnings about these risks. This is according to a British Library report that sheds new light on the October 2023 attack, which shut down digital services and breached ...
- CISA confirms it was breached by attackers using Ivanti flaws
March 11, 2024
One of the organizations compromised through a recently-discovered flaw in Ivanti products was, ironically enough, the US government’s Cybersecurity and Infrastructure Security Agency (CISA). Confirmation of the breach came from CISA itself, as well as from an anonymous source “with knowledge of the situation”, with a CISA spokesperson telling The Record the organization “identified activity indicating ...
- Duvel forced to shut breweries after cyber attack
March 9, 2024
Belgian brewer Duvel has insisted it will have enough beer to keep supply flowing after it was hit by a cyber attack that brought production to a standstill. The company, one of the best-known Belgian beer brands, was hit by a suspected ransomware attack on Tuesday night that shut down five of its production facilities, four ...