
macOS and Linux systems have been targeted by the newest samples of the Albabat ransomware, also known as White Bat, SecurityWeek reports. The ransomware was initially reported to have targeted Windows systems upon its emergence in 2023 before targeting Linux in January 2024.
Attacks with the newest iterations of Albabat used an authentication token to retrieve configuration files and other components from a private GitHub repository, according to a Trend Micro report. Analysis of Albabat's configuration files showed that the payload targets various file extensions, terminates several processes, and exfiltrates data stored on the machine to a remote PostgreSQL database. Albabat "uses a database to track infections and payments. This collected information helps attackers to make ransom demands, monitor infections, and sell victims' data," said Trend Micro researchers, who also discovered the ongoing development of the ransomware strain.