Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide.
In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the first half of 2024, the malware was still being actively developed, with new versions being released several times a month, while the Mallox RaaS affiliate program advertised on dark web forums was seeking new partners. This article aims to provide a comprehensive technical overview of the ransomware and its history.
Read more…
Source: Kaspersky
Related:
- PyTorch dependency poisoned with malicious code
January 4, 2023
An unknown attacker used the PyPI code repository to get developers to download a compromised PyTorch dependency that included malicious code designed to steal system data. Developers who last week downloaded the nightly builds of the open source PyTorch framework also unknowingly installed a malicious version of the torchtriton dependency found in the Python Package Index, ...
- 200 million Twitter users’ email addresses allegedly leaked online
January 4, 2023
A data leak described as containing email addresses for over 200 million Twitter users has been published on a popular hacker forum for about $2. BleepingComputer has confirmed the validity of many of the email addresses listed in the leak. Since July 22nd, 2022, threat actors and data breach collectors have been selling and circulating large ...
- Cook EBITDA slumps £2m following Christmas 2021 cyber-attack
January 4, 2023
A cyber-attack in December 2021 wiped an estimated £2m from Cook’s EBITDA, according to its latest financial results. The attack ground manufacturing systems at its Sittingbourne site to a halt and prevented Cook from making and delivering food. Consequently, the business was forced to shut down its website in the lead-up to Christmas, its busiest period of ...
- Hackers abuse Windows error reporting tool to deploy malware
January 4, 2023
Hackers are abusing the Windows Problem Reporting (WerFault.exe) error reporting tool for Windows to load malware into a compromised system’s memory using a DLL sideloading technique. The use of this Windows executable is to stealthy infect devices without raising any alarms on the breached system by launching the malware through a legitimate Windows executable. The new campaign ...
- Rackspace confirms Play ransomware was behind recent cyberattack
January 4, 2023
Texas-based cloud computing provider Rackspace has confirmed that the Play ransomware operation was behind a recent cyberattack that took down the company’s hosted Microsoft Exchange environments. This follows a report last month by cybersecurity firm Crowdstrike, which detailed a new exploit used by the ransomware group to compromise Microsoft Exchange servers and gain access to a ...
- Ransomware gang apologizes, gives SickKids hospital free decryptor
January 1, 2023
The LockBit ransomware gang has released a free decryptor for the Hospital for Sick Children (SickKids), saying one of its members violated rules by attacking the healthcare organization. SickKids is a teaching and research hospital in Toronto that focuses on providing healthcare to sick children. On December 18th, the hospital suffered a ransomware attack that impacted internal ...