Submit the keyword or topic you are searching for

  1. Home
  2. Technology
  3. New Mallox ransomware Linux variant based on leaked Kryptina code
Technology

New Mallox ransomware Linux variant based on leaked Kryptina code

An affiliate of the Mallox ransomware operation, also known as TargetCompany, was spotted using a slightly modified version of the Kryptina ransomware to attack Linux systems. [...]

featured-image

An affiliate of the Mallox ransomware operation, also known as TargetCompany, was spotted using a slightly modified version of the Kryptina ransomware to attack Linux systems. This version, according to SentinelLabs, is separate from other Linux-targeting variants of Mallox, such as the one described last June by Trend Micro researchers, highlighting the shifting tactics of the ransomware ecosystem. Also, this is another sign that Mallox, previously a Windows-only malware, is putting Linux and VMWare ESXi systems into its crosshairs, marking a significant evolution for the operation.

From Kryptina to Mallox Kryptina was launched as a low-cost ($500-$800) ransomware-as-a-service (RaaS) platform for targeting Linux systems in late 2023 but failed to gain traction in the cybercrime community. In February 2024, its purported administrator, using the alias "Corlys," leaked Kryptina's source code for free on hacking forums, which was presumably acquired by random ransomware actors interested in getting their hands on a working Linux variant. After a Mallox affiliate suffered an operational error and exposed their tools, SentinelLabs discovered that Kryptina had been adopted by the project and its source code was used for building rebranded Mallox payloads.



The rebranded encryptor, named "Mallox Linux 1.0," uses Kryptina's core source code, the same AES-256-CBC encryption mechanism and decryption routines, and also the same command-line builder and configuration parameters. This indicates that the Mallox affiliate only modified the appearance and name, removed references to Kryptina on ransom notes, scripts, and files, and transposed the existing documentation into a "lite" form, leaving all the rest unchanged.

Apart from Mallox Linux 1.0, SentinelLabs found various other tools on the threat actor's server, including: Currently, it remains uncertain whether the Mallox Linux 1.0 variant is being used by a single affiliate, multiple affiliates, or all Mallox ransomware operators alongside the Linux variant discussed in our previous report .

.

My Protein Germany

Myprotein UK

Menkind UK

Top News

A week to remember for Ralph "Rocky" Fratto and his entire family

Life has a funny way of altering plans....

SC to hear petition for expert committee to combat cyber fraud

Aces punch back to take Game 3 over Liberty, 95-81

2 female pedestrians injured in early morning crash in Vaughan

Related Posts

post-thumbnail
Technology

Like Moodeng Catcoin.com has the potential to be your next 100x memecoin

post-thumbnail
Technology

Prime Day starts now — here’s 49 deals I’d add to my cart this weekend

post-thumbnail
Technology

Gmail's Gemini-powered Q&A feature comes to iOS

post-thumbnail
Technology

Peper column: Find ways to enjoy longevity

post-thumbnail
Technology

Top AI Features of the Samsung Galaxy S24

post-thumbnail
Technology

How to Make an Inbox Management AI Agent (No Code)

post-thumbnail
Technology

YouTube New Feature Update: YouTube Shorts To Introduce Trends Page, Allow Videos up to 3 Minutes Long; Check Details

post-thumbnail
Technology

Gautam Singhania Raises Eyebrows Over Lamborghini Revuelto's Reliability After Midway Breakdown!