Slippery RansomExx Malware Moves to Rust, Evading VirusTotal

Published: 23/11/2024   Category: security




A new, harder-to-peg version of the ransomware has been rewritten in the Rust programming language.



The APT group DefrayX appears to have launched a new version of its RansomExx malware, rewritten in the Rust programming language -- possibly to avoid detection by antivirus software.
According to IBM Security X-Force Threat researchers, that evasion may be successful, at least for now.
IBM reported that one sample that it analyzed was not detected as malicious in the VirusTotal platform for at least 2 weeks after its initial submission and that the new sample is still only detected by 14 out of the 60+ AV providers represented in the platform.
Besides making malware harder to detect and reverse-engineer, Rust has the advantage of being platform-agnostic. Thus, while the new version of RansomExx runs on Linux, IBM predicts a Windows version will be on its way soon, if it's not already loose and undetected.
RansomExx is far from the only malware package written in Rust.
BlackCat, Hive, and, before that, Buer are prominent examples of malware that was rewritten to avoid detection based on the C/C++ versions.
DefrayX is known for its attacks targeting cloud workloads and specific verticals, including healthcare and manufacturing.
