Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide.
In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the first half of 2024, the malware was still being actively developed, with new versions being released several times a month, while the Mallox RaaS affiliate program advertised on dark web forums was seeking new partners. This article aims to provide a comprehensive technical overview of the ransomware and its history.
Read more…
Source: Kaspersky
Related:
- NanoCore Trojan is protected in memory from being killed off
January 16, 2019
The NanoCore Remote Access Trojan (RAT) is being spread through malicious documents and uses an interesting technique to keep its process running and prevent victims from manually killing the system, researchers say. The cybersecurity team from Fortinet recently captured a sample relating to the spread of NanoCore RAT in the form of a malicious Microsoft Word document. Developed in ...
- The Rise of Physical Crime in the Cybercrime Underground
January 14, 2019
While underground forums have long been the purview of digital or internet-enabled crimes, recent developments have shown signs of increasing synergy and interaction between traditional criminals and cybercrime actors. Given the nature of the underground, it shouldn’t be a surprise that even traditional criminals communicate and even sell their wares via these underground forums. Is it ...
- Ryuk Ransomware Partners with TrickBot to Gain Access to Infected Networks
January 12, 2019
Historically, Ryuk has been considered a targeted ransomware that scopes out a target, gained access via Remote Desktop Services or other direct methods, stole credentials, and then targeted high profile data and servers to extort the highest ransom amount possible. Ryuk has been a high profile ransomware due to its wide impact on the networks it infects, high ransom ...
- A Zebrocy Go Downloader
January 11, 2019
Last year at SAS2018 in Cancun, Mexico, “Masha and these Bears” included discussion of a subset of Sofacy activity and malware that we call “Zebrocy”, and predictions for the decline of SPLM/XAgent Sofacy activity coinciding with the acceleration of Zebrocy activity and innovation. Zebrocy was initially introduced as a Sofacy backdoor package in 2015, but the Zebrocy ...
- TA505 Crime Gang Debuts Brand-New ServHelper Backdoor
January 11, 2019
The latest malware from TA505 has been seen targeting banks, retailers and restaurants with two different versions. A new backdoor named ServHelper has been spotted in the wild, acting as both a remote desktop agent as well as a downloader for a RAT called FlawedGrace. According to Proofpoint, the prolific cybercriminal gang known as TA505 developed ServHelper, which has ...
- New tool automates phishing attacks that bypass 2FA
January 9, 2019
A new penetration testing tool published at the start of the year by a security researcher can automate phishing attacks with an ease never seen before and can even blow through login operations for accounts protected by two-factor authentication (2FA). Named Modlishka –the English pronunciation of the Polish word for mantis– this new tool was created ...