This Windows malware is now evolving to target Linux systems

New version of the Mallox ransomware spotted online

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Hackers have modified the infamous Malloxransomwareto also targetLinux systems, experts have claimed.

The new version is called Mallox Linux 1.0, and was recently discovered by cybersecurity researchers SentinelLabs, after Mallox’s operators mistakenly leaked their tools.

The analysis of the tool led the researchers to conclude that Mallox Linux 1.0 is actually a rebrand of the Kryptina encryptor. Kryptina was built last year by a threat actor alias “Corlys”, who tried to rent the tool for roughly $800. However, since the cybercriminal community did not show much interest in the tool, Corlys shared it for free, in hopes that someone might pick it up.

TargetCompany

Now, it seems Mallox did, since the new variant uses Kryptina’s source code, the same encryption mechanism (AES-256-CBC), and the same decryption routines. Furthermore, it uses the same command-line builder and configuration parameters, too. Therefore, Mallox devs only changed the name and appearance of the encryptor, and removed any mention of Kryptina from the documents. Everything else is left unchanged.

For now, there is no word on potential victims, but in their analysis, researchers fromKasperskysaid Mallox affiliates “do not restrict their activities to a specific country”. Instead, they attack vulnerable companies wherever they are. However, the majority of the firms struck by a variant of Mallox are located in either Brazil, Vietnam, or China.

The ransomware is also known as Fargo, or TargetCompany, and has been active in one form or another since June 2021. At first, it was targeting mostly unsecured MS-SQL servers,Sekoiafound. Another Mallox hallmark is to threaten the victims, especially those in the European Union, about potential GDPR violations.

Between October 2022 and March 2023, its affiliates stole data from at least 20 organizations.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new malware utilizes a rare programming language to evade traditional detection methods

A new form of macOS malware is being used by devious North Korean hackers

Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time