"Slippery RansomExx Malware Moves to Rust, Evading VirusTotal"

The Advanced Persistent Threat (APT) group known as DefrayX appears to have released a new version of its RansomExx malware, written in Rust, possibly to bypass detection by antivirus software. According to IBM Security X-Force Threat researchers, that evasion may be successful for the time being. IBM reported that one of the samples it analyzed was not detected as malicious on the VirusTotal platform for at least two weeks after its initial submission. The new sample is still detected by only 14 of the platform's more than 60 antivirus providers. Rust has the advantage of being platform-agnostic, in addition to being harder to detect and reverse-engineer. As a result, while the new version of RansomExx malware runs on Linux, IBM predicts that a Windows version will be available soon. RansomExx is not the only Rust-based malware package. BlackCat, Hive, and, prior to that, Buer are well-known examples of malware that has been rewritten to avoid detection based on C/C++ versions. This article continues to discuss the launch of a new version of RansomExx malware by DefrayX.

Dark Reading reports "Slippery RansomExx Malware Moves to Rust, Evading VirusTotal"

 

 
