Malware Alert LMAOxUS Ransomware: Another Case of Weaponized Open Source Ransomware

Discussion in 'News Archive' started by Solarquest, Apr 6, 2017.

  1. Solarquest

    Solarquest Moderator
    Staff Member AV Tester

    Jul 22, 2014
    An Indian developer is playing around with an open source ransomware builder, which in the long run may end up causing serious problems for innocent users.

    This developer, who goes by the nickname of Empinel and claims to be based in Mumbai, has forked the open source code of the EDA2 project, and with the help of another user, has removed the backdoor hidden in EDA2's original code.

    His work started back in May 2016, when he tinkered with EDA2's source code and renamed the project to Stolich, modifying certain aspects of EDA2's encryption.

    He received help in September 2016 when another "friendly" developer pushed a pull request to the Stolich repo that removed the EDA2 backdoor code.


    While people work on malware code on GitHub all the time, a fully-functional version of the EDA2-based Stolich ransomware popped up on VirusTotal two days ago.

    Stolich used in "production"
Similar Threads Forum Date
Video Review Avast vs new Ransomware Video Reviews Yesterday at 9:31 PM
Microsoft offers several mechanisms to protect against ransomware Microsoft Yesterday at 12:42 PM
A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware... Microsoft Yesterday at 12:42 PM