Ransomware, Malware, Threat Intelligence

Exposed Kryptina code used for novel Mallox ransomware for Linux variant

Share
Ransomware attack alert on monitor screen in data center, network security concept

Mallox ransomware, also known as TargetCompany, had one of its affiliates set sights on Linux systems with a new ransomware variant based on a modified iteration of exposed Kryptina ransomware-as-a-service source code following tool exposure stemming from an operational error, BleepingComputer reports.

Attackers leveraged leaked Kryptina source code to develop rebranded Mallox payloads, including the Mallox Linux 1.0 encryptor that was identical to Kryptina save for its name and appearance, an analysis from SentinelLabs revealed. Additional tools discovered within the Mallox affiliate's server included Java-based Mallox payload droppers, disk image files containing Mallox payloads, an exploit for a Windows 10 and 11 privilege escalation vulnerability, tracked as CVE-2024-21338, privilege escalation PowerShell scripts, and a password reset tool by Kaspersky, as well as data folders for more than a dozen targets that the operation could have victimized. While the new Mallox ransomware variant is noted to be separate from previously discovered versions of the payload aimed at Linux machines, uncertainties regarding its utilization among the ransomware gang's affiliates and operators remain.

Exposed Kryptina code used for novel Mallox ransomware for Linux variant

Attackers leveraged leaked Kryptina source code to develop rebranded Mallox payloads, including the Mallox Linux 1.0 encryptor that was identical to Kryptina save for its name and appearance.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.