Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques

Trend™ Research identified a sophisticated Agenda ransomware attack that deployed a Linux variant on Windows systems. This cross-platform execution can make detection challenging for enterprises...

Gunra Ransomware Group Unveils Efficient Linux Variant

This blog discusses how Gunra ransomware’s new Linux variant accelerates and customizes encryption, expanding the group’s reach with advanced cross-platform tactics...

Malicious Package

Overview coloramashowtemp is a malicious package. This package contains payloads with Windows and Linux variants that access and exfiltrate sensitive configuration information, establish remote control / remote access for the attacker, establish persistence and “command and control” C2 mechanisms...

Malicious Package

Overview readmecolorama is a malicious package. This package contains payloads with Windows and Linux variants that access and exfiltrate sensitive configuration information, establish remote control / remote access for the attacker, establish persistence and “command and control” C2 mechanisms...

New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists

North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of a financially-motivated campaign. The malware is "installed on payment switches within compromised networks that handle card transactions for the means of...

New Linux Variant of Play Ransomware Targeting VMware ESXi Systems

Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play aka Balloonfly and PlayCrypt that's designed to target VMware ESXi environments. "This development suggests that the group could be broadening its attacks across the Linux platform, leading to an...

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma

Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more...

TargetCompany’s Linux Variant Targets ESXi Environments

In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution...

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber aka C3RB3R ransomware. The attacks leverage CVE-2023-22518 CVSS score: 9.1, a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated...

New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion

Cybersecurity researchers have discovered a new Linux variant of a remote access trojan RAT called BIFROSE aka Bifrost that uses a deceptive domain mimicking VMware. "This latest version of Bifrost aims to bypass security measures and compromise targeted systems," Palo Alto Networks Unit 42...

Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics

The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor in its attacks targeting government and legal sectors. Monti emerged in June 2022, weeks after the Conti ransomware group shut down its operations, deliberately imitatin...

Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks

The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033. That's according to findings from Palo Alto Networks Unit 42, which discovered recent malicious cyber activity carried out by the group...

Linux Variant of Clop Ransomware Spotted, But Uses Faulty Encryption Algorithm

The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process. "The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying...

New BOLDMOVE Backdoor uses FortiOS vulnerability for initial access

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A suspected China-nexus campaign has exploited a vulnerability in Fortinets FortiOS SSL-VPN, known as CVE-2022-42475. The exploitation was believed to have occurred as early as October 2022 and the targe...

SparklingGoblin Revamps SideWalk Backdoor for Linux Variant

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary SparklingGoblin aka Earth Baku State-backed Chinese hackers has integrated a Linux variant of the SideWalk backdoor. SparklingGoblin Threat actors typically target East and Southeast Asian countries, wit...

SparklingGoblin APT Hackers Using New Linux Variant of SideWalk Backdoor

A Linux variant of a backdoor known as SideWalk was used to target a Hong Kong university in February 2021, underscoring the cross-platform abilities of the implant. Slovak cybersecurity firm ESET, which detected the malware in the university's network, attributed the backdoor to a nation-state...

Cybersecurity Experts Warn of Emerging Threat of "Black Basta" Ransomware

The Black Basta ransomware-as-a-service RaaS syndicate has amassed nearly 50 victims in the U.S., Canada, the U.K., Australia, and New Zealand within two months of its emergence in the wild, making it a prominent threat in a short window. "Black Basta has been observed targeting a range of...

Conti Group Targets ESXi Hypervisors With its Linux Variant

Conti Group Targets ESXi Hypervisors With its Linux Variant By Marc Elias, Jambul Tologonov and Alexandre Mundo · Apr 20, 2022 Despite the leak of the conversations of the Conti members that happened in March 2022, which we analyzed and published recently, the group seems to continue its operatio...

Conti Group Targets ESXi Hypervisors With its Linux Variant

Conti Group Targets ESXi Hypervisors With its Linux Variant By Marc Elias, Jambul Tologonov and Alexandre Mundo · Apr 20, 2022 Despite the leak of the conversations of the Conti members that happened in March 2022, which we analyzed and published recently, the group seems to continue its operatio...

VMware ESXi Servers Encrypted by Lightning-Fast Python Script

Researchers have discovered a new Python ransomware from an unnamed gang that’s striking ESXi servers and virtual machines VMs with what they called “sniper-like” speed. Sophos said on Tuesday that the ransomware is being used to compromise and encrypt VMs hosted on an ESXi hypervisor in operatio...