Cybersecurity researchers at Trend Micro have uncovered new variants of the Albabat ransomware, designed to target multiple operating systems and optimize attack execution.
Albabat ransomware 2.0 now extends beyond Microsoft Windows, incorporating mechanisms to collect system data and streamline operations. This version leverages a GitHub account to store and distribute its configuration files.
Trend Micro researchers identified ongoing development efforts for another iteration, version 2.5, which has not yet been deployed in live attacks.
“This use of GitHub is designed to streamline operations,” researchers stated, emphasizing the evolving nature of ransomware tactics.
Albabat, originally written in Rust, was first detected in November 2023. The programming language facilitates its ability to locate and encrypt files efficiently.
Trend Micro analysts examined the ransomware’s functionality, revealing its selective encryption process. The malware specifically targets files with extensions such as .themepack, .bat, .com, .cmd, and .cpl, while bypassing system folders like Searches, AppData, $RECYCLE.BIN, and System Volume Information.
To evade detection and disrupt security defe
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents