Friday, 27 December 2024
26.8 C
Singapore

Windows malware expands its reach, now targeting Linux systems

Mallox ransomware now targets Linux systems, expanding its reach. Discover how its evolution could threaten businesses worldwide.

Cybersecurity experts have revealed that the notorious Mallox ransomware has evolved and can now target systems. Previously known for infecting Windows platforms, the malware has been upgraded in a move that could potentially widen its range of victims.

Researchers at SentinelLabs discovered that Mallox Linux 1.0 is the new name for this malicious tool. The finding was the result of an accidental leak of tools used by Mallox’s operators. This slip-up provided enough information for researchers to determine that this latest Linux variant is essentially a rebranded version of the Kryptina encryptor.

A repurposed encryptor

Kryptina was first developed last year by a cybercriminal using the alias “Corlys.” At the time, Corlys attempted to rent the tool for roughly US$800 but failed to gain any traction within the cybercrime community. With little interest in the tool, Corlys eventually made it accessible, hoping it might attract more attention.

It seems Mallox’s operators have taken that opportunity. By adopting Kryptina’s source code, they’ve reused its AES-256-CBC encryption mechanism and the same decryption routines. The command- builder and configuration parameters also remain unchanged. The only real difference between the two is that Mallox’s developers have removed any references to Kryptina, rebranding it with a fresh look under the name Mallox Linux 1.0.

While the ransomware has a new face, the underlying danger remains the same. The encryption techniques make it difficult for victims to recover their files without paying the demanded ransom.

Global reach and potential victims

Although no specific victims of the Mallox Linux variant have been reported, researchers from Kaspersky have noted that Mallox operators do not limit their attacks to particular regions. They tend to exploit vulnerable companies wherever they can find them. However, most past attacks have primarily impacted Brazil, Vietnam, and China businesses.

Mallox, which also goes by Fargo and TargetCompany, has been active since June 2021. According to cybersecurity firm Sekoia, it primarily targeted unsecured MS-SQL servers. In some cases, the attackers even threatened victims with claims of potential violations of the European Union’s General Data Protection Regulation (GDPR), adding another layer of pressure to pay the ransom.

Between October 2022 and March 2023, it was reported that Mallox affiliates had successfully stolen data from at least 20 organisations. The malware’s evolution to target Linux systems suggests that Mallox’s operators are continuing to develop and adapt their strategies to maximise their profits.

Expanding Mallox’s capabilities could pose a significant threat as businesses increasingly rely on Linux-based systems. Companies worldwide, particularly those with vulnerabilities in their systems, may find themselves in the crosshairs of this dangerous ransomware.

Hot this week

Russia bans cryptocurrency mining in ten regions due to energy concerns

Russia bans crypto mining in ten regions from January 2024 due to concerns over high energy consumption and the industry's impact on resources.

Ant Group restructures Alipay into two units to drive growth

Ant Group is splitting Alipay into two units with distinct focuses to drive growth amid leadership changes and speculation over its IPO plans.

8BitDo introduces a smaller Xbox controller for compact comfort

8BitDo’s Ultimate Mini Xbox controller is a smaller, lighter option for gamers with smaller hands. It features Hall effect joysticks and LED lighting.

LG launches free audio streaming service with user-friendly experience

LG launches LG Radio+, a free audio streaming service on LG smart TVs, offering podcasts and radio stations with seamless device integration.

Google Ads criticised for automatic broad match changes

Google Ads is being criticised for automatic broad match changes, sparking concerns over wasted ad spend. Stay alert to protect campaign performance.

Google unveils AI model that shows its reasoning process

Google introduces Gemini 2.0 Flash Thinking, an AI model that solves complex questions while revealing its step-by-step reasoning process.

Bluesky introduces a mentions tab in your notifications

Bluesky’s latest update adds a mentions tab, improves reply settings, reserves old usernames, and plans for a subscription service next year.

Lilium halts operations and lays off 1,000 workers after funding struggles

Lilium, a flying taxi company, lays off 1,000 workers and halts operations after struggling to secure VTOL air taxi technology funding.

Interlock ransomware targets critical infrastructure with FreeBSD-specific attacks

Interlock ransomware targets FreeBSD servers, highlighting the need for enhanced security measures in critical infrastructure.

Related Articles

Popular Categories