The security researchers from Palo Alto Networks Unit 42 observed HelloXD ransomware targeting multiple windows and linux systems.
Daniel Bunce and Doel Santos, Researchers from Palo Alto Networks Unit 42 said in a recent blog, “Unlike other ransomware groups, this ransomware family doesn’t have an active leak site; instead, it prefers to direct the impacted victim to negotiations through TOX chat and onion-based messenger instances.”
The researchers noticed that one of the samples deployed MicroBackdoor, which is an open-source backdoor allowing an attacker to browse the file system, upload and download files, execute commands, and remove itself from the system.
Analysis of the MicroBackdoor
Unit 42 noted the configuration and found an embedded IP address, belonging to a threat actor, which the researchers guess is potentially the developer: x4k, also called L4ckyguy, unKn0wn, unk0w, _unkn0wn, and x4kme. They noticed x4k in several hacking and non-hacking forums.
The Malicious Activities of the Threat Actor
Researchers detected HelloXD and x4k activity with the Cortex XDR and Next-Generation Firewalls (including cloud-delivered security subscriptions such as WildFire).
What is HelloXD Malware?
HelloXD surfaced in the wild on November 30, 2021, and is based off leaked code from Babuk, which was pu ..
Support the originator by clicking the read the rest link below.
