"Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics"

The Mallox ransomware group is intensifying its targeted attacks on organizations with vulnerable SQL servers. It has recently emerged with a new variant and various additional malware tools to achieve persistence and circumvent detection. In June 2021, Mallox, also known as TargetCompany, Fargo, and Tohnichi, surfaced. Researchers from TrendMicro recently disclosed that in its most recent attacks, the group combined its custom ransomware with two proven malware products, the Remcos RAT and the BatCloak obfuscator. However, the group's strategy for gaining access to the networks of targeted organizations remains unchanged in the most recent campaign. The group still exploits vulnerable SQL servers to persistently deploy its first stage. Mallox, which claims to have infected hundreds of organizations worldwide in manufacturing, retail, wholesale, legal, and professional services, exploits the SQL Remote Code Execution (RCE) vulnerabilities, tracked as CVE-2020-0618 and CVE-2019-1068. Researchers discovered that in later phases of the attack, the group began to alter its tactics to maintain a hidden presence on targeted networks and hide its malicious activity. This article continues to discuss the Mallox ransomware group stepping up its game in targeted attacks against organizations with vulnerable SQL servers.

Dark Reading reports "Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics"