The ALPHV/BlackCat ransomware operation has launched stealthier attacks using the new Munchkin tool, which facilitates undetected encryptor deployment through virtual machines, BleepingComputer reports.
Munchkin, which is based on Alpine OS Linux and distributed as an ISO file, has been leveraged by ALPHV/BlackCat to create a new virtual machine within a newly installed VirtualBox instance, a report from Palo Alto Networks Unit 42 revealed. Running the VM leads to the root password being changed and the 'controller' malware binary being executed, which triggers the loading of scripts.
Attackers have also been using the configuration file within the malware binary to create encryptor executables, which are then used to compromise remote Server Message Block (SMB) or Common Internet File System (CIFS) network shares, according to researchers.
Aside from enabling ALPHV/BlackCat affiliates to better evade security systems, Munchkin could also allow more targeted operations due to its modular characteristics, researchers added.