Python Malware Enables RansomHub Ransomware Attacks
🐍💻 Python-based malware fuels RansomHub ransomware attacks. Cybersecurity researchers from GuidePoint Security have uncovered a sophisticated attack in which a Python backdoor provides persistent access to compromised networks and facilitates the deployment of RansomHub ransomware. The initial breach is attributed to the SocGholish malware, which tricks users into downloading fake browser updates through drive-by campaigns. Once executed, SocGholish connects to an attacker-controlled server to deliver additional payloads. The Python backdoor, detected since December 2023, uses a SOCKS5 protocol-based tunnel for lateral movement within networks. The malware's well-structured code suggests a meticulous author, potentially leveraging AI tools. Other tools have also been identified in ransomware campaigns, including those targeting Amazon S3 buckets and employing aggressive ransom tactics.
