Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide.
In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the first half of 2024, the malware was still being actively developed, with new versions being released several times a month, while the Mallox RaaS affiliate program advertised on dark web forums was seeking new partners. This article aims to provide a comprehensive technical overview of the ransomware and its history.
Read more…
Source: Kaspersky
Related:
- This ‘grab-bag’ hacking attack drops six different types of malware in one go
December 19, 2019
A high-volume hacking campaign is targeting organisations around the world with attacks that deliver a ‘grab-bag’ of malware that includes information-stealing trojans, a remote backdoor, a cryptojacker and a cryptocurrency stealer. Uncovered by researchers at Deep Instinct, the combination of the volume of attacks with the number of different malware families has led to the campaign being named ‘Hornet’s Nest’. The ...
- Frankfurt shuts down IT network following Emotet infection
December 19, 2019
Frankfurt, one of the largest financial hubs in the world and the home of the European Central Bank, has shut down its IT network this week following an infection with the Emotet malware. Frankfurt is the fourth German entity that shut down its IT network in the past two weeks because of Emotet. The other three are ...
- DDoS Attacks and IoT Exploits: New Activity from Momentum Botnet
December 16, 2019
Trend Micro recently found notable malware activity affecting devices running Linux, a platform that has battled numerous issues just this year. Further analysis of retrieved malware samples revealed that these actions were connected to a botnet called Momentum (named for the image found in its communication channel). We found new details on the tools and techniques ...
- DeCypherIT – All eggs in one basket
December 12, 2019
These days, attackers use cheap and publicly accessible services to help them bypass Anti-Virus protections and gain a foothold in their victims’ systems. We give a behind the scenes look at a service called CypherIt, which is sold publicly as a legitimate service but is used to wrap malwares and hide their malicious content. This evasion technique ...
- Zeppelin: Russian Ransomware Targets High Profile Users in the U.S. and Europe
December 11, 2019
Zeppelin is the newest member of the Delphi-based Ransomware-as-a-Service (RaaS) family initially known as Vega or VegaLocker. Although it’s clearly based on the same code and shares most of its features with its predecessors, the campaign that it’s been part of differs significantly from campaigns involving the previous versions of this malware. Vega samples were first ...
- The quiet evolution of phishing
December 11, 2019
The battle against phishing is a silent one: every day, Office 365 Advanced Threat Protection detects millions of distinct malicious URLs and email attachments. Every year, billions of phishing emails don’t ever reach mailboxes—real-world attacks foiled in real-time. Heuristics, detonation, and machine learning, enriched by signals from Microsoft Threat Protection services, provide dynamic, robust protection against email threats. Phishers have been ...