Malware Alert LMAOxUS Ransomware: Another Case of Weaponized Open Source Ransomware

Solarquest

An Indian developer is playing around with an open source ransomware builder, which in the long run may end up causing serious problems for innocent users.

This developer, who goes by the nickname of Empinel and claims to be based in Mumbai, has forked the open source code of the EDA2 project, and with the help of another user, has removed the backdoor hidden in EDA2's original code.

His work started back in May 2016, when he tinkered with EDA2's source code and renamed the project to Stolich, modifying certain aspects of EDA2's encryption.

He received help in September 2016 when another "friendly" developer pushed a pull request to the Stolich repo that removed the EDA2 backdoor code.

While people work on malware code on GitHub all the time, a fully-functional version of the EDA2-based Stolich ransomware popped up on VirusTotal two days ago.

Stolich used in "production"
....