An affiliate of the Mallox ransomware operation, also known as TargetCompany, has turned to Linux systems with a new ransomware variant built on a modified version of the leaked Kryptina ransomware-as-a-service source code, according to BleepingComputer. The affiliate's toolset came to light after an operational error exposed its server.
The attackers used the leaked Kryptina source code to build rebranded Mallox payloads, including a "Mallox Linux 1.0" encryptor that SentinelLabs found to be identical to Kryptina apart from its name and branding. Other tools recovered from the affiliate's server included Java-based droppers for Mallox payloads, disk image files containing Mallox payloads, an exploit for CVE-2024-21338 (a privilege escalation vulnerability affecting Windows 10 and 11), privilege escalation PowerShell scripts, and a Kaspersky password reset tool, along with data folders for more than a dozen organizations the operation may have targeted. SentinelLabs notes that this new variant is distinct from previously observed Linux versions of Mallox; how widely it is used by the gang's affiliates and core operators remains unclear.