Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide.
In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the first half of 2024, the malware was still being actively developed, with new versions being released several times a month, while the Mallox RaaS affiliate program advertised on dark web forums was seeking new partners. This article aims to provide a comprehensive technical overview of the ransomware and its history.
Read more…
Source: Kaspersky
Related:
- Android Minecraft clones with 35M downloads infect users with adware
April 27, 2023
A set of 38 Minecraft copycat games on Google Play infected devices with the Android adware ‘HiddenAds’ to stealthily load ads in the background to generate revenue for its operators. Minecraft is a popular sandbox game with 140 million monthly active players, which numerous game publishers have attempted to recreate. Read more… Source: Bleeping Computer
- Linux version of RTM Locker ransomware targets VMware ESXi servers
April 27, 2023
RTM Locker is the latest enterprise-targeting ransomware operation found to be deploying a Linux encryptor that targets virtual machines on VMware ESXi servers. The RTM (Read The Manual) cybercrime gang has been active in financial fraud since at least 2015, known for distributing a custom banking trojan used to steal money from victims. Read more… Source: Bleeping Computer
- Ukraine ‘testing ground’ for Australian cyber defences
April 27, 2023
Ukraine’s ambassador says cyber security assistance to help combat Russian aggression would also help boost Australia’s own capabilities. Vasyl Myroshnychenko said he would welcome any further assistance with Ukraine’s defence against Russia, adding it would provide Australia with a good opportunity to stress test its own resources. Read more… Source: MSN News
- Clop, LockBit ransomware gangs behind PaperCut server attacks
April 26, 2023
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data. Last month, two vulnerabilities were fixed in the PaperCut Application Server that allows remote attackers to perform unauthenticated remote code execution and information disclosure. Read more… Source: Bleeping Computer
- Chinese Alloy Taurus Updates PingPull Malware
April 26, 2023
Unit 42 researchers recently identified a new variant of PingPull malware used by Alloy Taurus actors designed to target Linux systems. While following the infrastructure leveraged by the actor for this PingPull variant, we also identified their use of another backdoor we track as Sword2033. The first samples of PingPull malware date back to September 2021. ...
- Energy giant warns of ‘catastrophic damage’ if government bans payment of cyber ransoms
April 26, 2023
A government-imposed ban on companies paying cyber ransoms to hackers could cause “catastrophic damage” and even lead to the loss of Australian lives, the nation’s biggest energy producer has warned. AGL Energy, whose board was recently reshuffled by Atlassian billionaire Mike Cannon-Brookes, described ransom bans as a dangerous double-edged sword. Read more… Source: 9News