Slippery RansomExx Malware Moves to Rust, Evading VirusTotal

Published: 23/11/2024   Category: security



A new, harder-to-peg version of the ransomware has been rewritten in the Rust programming language.



The APT group DefrayX appears to have launched a new version of its RansomExx malware, rewritten in the Rust programming language -- possibly to avoid detection by antivirus software.
According to IBM Security X-Force Threat researchers, that evasion may be successful, at least for now.
IBM reported that one sample that it analyzed was not detected as malicious in the VirusTotal platform for at least 2 weeks after its initial submission and that the new sample is still only detected by 14 out of the 60+ AV providers represented in the platform.
Besides being harder to detect and reverse-engineer, Rust has the advantage of being platform-agnostic. Thus, while the new version of RansomExx runs on Linux, IBM predicts a Windows version will be on its way soon, if it's not already loose and undetected.
RansomExx is far from the only malware package written in Rust.
BlackCat, Hive, and, before that, Buer are prominent examples of malware that was rewritten to avoid detection based on the C/C++ versions.
DefrayX is known for its attacks targeting cloud workloads and specific verticals, including healthcare and manufacturing.
