This Windows malware is now evolving to target Linux systems

News
By published

New version of the Mallox ransomware spotted online

Ransomware

Hackers have modified the infamous Mallox ransomware to also target Linux systems, experts have claimed.

The new version is called Mallox Linux 1.0, and was recently discovered by cybersecurity researchers SentinelLabs, after Mallox’s operators mistakenly leaked their tools.

The analysis of the tool led the researchers to conclude that Mallox Linux 1.0 is actually a rebrand of the Kryptina encryptor. Kryptina was built last year by a threat actor alias “Corlys”, who tried to rent the tool for roughly $800. However, since the cybercriminal community did not show much interest in the tool, Corlys shared it for free, in hopes that someone might pick it up.

TargetCompany

Now, it seems Mallox did, since the new variant uses Kryptina’s source code, the same encryption mechanism (AES-256-CBC), and the same decryption routines. Furthermore, it uses the same command-line builder and configuration parameters, too. Therefore, Mallox devs only changed the name and appearance of the encryptor, and removed any mention of Kryptina from the documents. Everything else is left unchanged.

For now, there is no word on potential victims, but in their analysis, researchers from Kaspersky said Mallox affiliates “do not restrict their activities to a specific country”. Instead, they attack vulnerable companies wherever they are. However, the majority of the firms struck by a variant of Mallox are located in either Brazil, Vietnam, or China.

The ransomware is also known as Fargo, or TargetCompany, and has been active in one form or another since June 2021. At first, it was targeting mostly unsecured MS-SQL servers, Sekoia found. Another Mallox hallmark is to threaten the victims, especially those in the European Union, about potential GDPR violations.

Between October 2022 and March 2023, its affiliates stole data from at least 20 organizations.

Via BleepingComputer

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Close up of the Linux penguin.
A new Linux backdoor is hitting US universities and governments
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
Ransomware
Healthcare firms targeted by all-new ransomware strain
Illustration of a laptop with a magnifying glass exposing a beetle on-screen
This devious macOS malware is evading capture by using Apple's own encryption
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
North Korean Lazarus hackers launch large-scale cyberattack by cloning open source software
Ransomware
Fortinet firewall bugs are being targeted by LockBit ransomware hackers
Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is currently revealing the full cast for Avengers: Doomsday, and I think it's going to be a long-winded announcement
Samsung QN90F on yellow background
Samsung announces US prices for its 2025 mini-LED TV lineup, and it’s good and bad news
Nintendo Switch Lite
Forget the Nintendo Switch 2, the original Switch is getting one last hurrah in a surprise Nintendo Direct tomorrow
More about security
Data leak

Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection

Third-party security issues could be the biggest threat facing your business
Chat GPT-generated images along with source material

ChatGPT 4o image generation is so good we will never be able to trust iPhone renders (and photos) again
See more latest
Most Popular
Data leak
Top home hardware firm data leak could see millions of customers affected
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
Canon EOS R50 V on a wooden table, alongside the EOS R50
I tried Canon's two new vlogging cameras – here's why the EOS R50 V offers better video value
Canon RF 20mm F1.4L VCM lens on a wooden table, alongside three other Canon hybrid prime lenses
Canon’s new 20mm f/1.4 lens could be the ultimate wide-angle prime for astro photography and video work, but its pricey
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
Samsung QN90F on yellow background
Samsung announces US prices for its 2025 mini-LED TV lineup, and it’s good and bad news
Microsoft Copiot Studio deep reasoning and agent flows
Microsoft reveals OpenAI-powered Copilot AI agents to bosot your work research and data analysis
Nissan 2026 line-up
Nissan is back to its bold best with new EV lineup that's led by a third-generation Leaf – and yes, it's an SUV
Nintendo Switch Lite
Forget the Nintendo Switch 2, the original Switch is getting one last hurrah in a surprise Nintendo Direct tomorrow