Decrypt LOL

Python Malware Enables RansomHub Ransomware Attacks

🐍💻 Python-based malware fuels RansomHub ransomware attacks. Cybersecurity researchers from GuidePoint Security have uncovered a sophisticated attack involving a Python backdoor that enables persistent access to compromised networks, facilitating the deployment of RansomHub ransomware. The initial breach is attributed to the SocGholish malware, which tricks users into downloading fake browser updates through drive-by campaigns. Once executed, SocGholish connects to an attacker-controlled server to deliver additional payloads. The Python backdoor, detected since December 2023, utilizes a SOCKS5 protocol-based tunnel for lateral movement within networks. The malware’s well-structured code suggests a meticulous author, potentially leveraging AI tools. Additionally, other tools have been identified in ransomware campaigns, including those targeting Amazon S3 buckets and employing aggressive ransom tactics.
