The Cyber Security News
HelloXD Ransomware Variants Found Installing Backdoor on Windows and Linux Machines

June 14, 2022

Cybersecurity researchers at Unit 42 have observed several variants of the HelloXD ransomware that install a backdoor immediately after infection on both Windows and Linux machines.

Writing in a blog post on the company’s website last week, Unit 42 researchers Daniel Bunce and Doel Santos said they first observed HelloXD, a ransomware family conducting double-extortion attacks, in November 2021.

According to an analysis of the ransomware samples, the security experts concluded that HelloXD’s obfuscation and execution techniques share very similar core functionality with the leaked Babuk/Babyk source code.


Bunce and Santos also observed that one of the samples deployed an open-source backdoor named MicroBackdoor, which allowed attackers to browse the file system, upload and download files, execute commands and remove their footprint from the system.

“We believe this was likely done to monitor the progress of the ransomware and maintain an additional foothold in compromised systems,” the Unit 42 post read.

The malware analysis also suggested HelloXD does not have an active leak site, with the threat actors behind the malware preferring to negotiate with victims through Tox chat and onion-based messenger platforms.

In terms of attribution, Bunce and Santos said they found an embedded IP address in the malware sample commonly associated with the threat actor and developer x4k, also known as L4ckyguy, unKn0wn, unk0w, _unkn0wn and x4kme.

“Additionally, we observed the initial email being linked to a GitHub account[…], as well as numerous forums such as XSS, a known Russian-speaking hacking forum created to share information about exploits, vulnerabilities, malware and network penetration.”

The Unit 42 researchers concluded their post by warning that although HelloXD is a ransomware family in its initial stages, it already intends to impact organizations.

“Ransomware is a lucrative operation if done correctly. Unit 42 has observed ransom demands and average payments going up in the latest Ransomware Threat Report,” Bunce and Santos wrote.

“Unit 42 believes that x4k, this threat actor, is now expanding into the ransomware business to capitalize on some of the gains other ransomware groups are making.”


Some parts of this article are sourced from:
www.infosecurity-magazine.com
