A new threat has emerged on the dark web, promising to target victims across multiple operating systems. Dubbed M.O.R.E (Multi OS Ransomware Executable), this dark web tool boasts native compatibility with various operating systems, including Windows, Mac OS, and Linux. The actor behind this multi OS ransomware claims it to be a game-changer for hacker groups.
According to the seller’s post timestamped at 02:49 AM on Wednesday, February 14, 2024, M.O.R.E offers swift encryption using advanced algorithms like RSA/Chacha20Poly1305.
It can crawl through systems and encrypt or decrypt hefty 1024 MB files in a mere 4 seconds. The dynamic multi-threading feature ensures efficient performance across a spectrum of machines, from low-end to high-end systems.
M.O.R.E: Multi OS Ransomware Executable: The New Dark Web Tool
The code snippet provided in the post appears to be a PowerShell script, showcasing its capability to interact with files. The snippet PowerShell script reads the first 15 lines of a file located at “TestFolder/file.txt” using the Get-Content cmdlet.
However, the content displayed seems to be a jumble of characters and symbols, hinting at possible encryption or corruption. While the exact function of this script remains unclear, it highlights the potential threat posed by M.O.R.E.
Multi-OS ransomware, exemplified by tools like M.O.R.E, represents an evolution in cyber threats. Unlike traditional ransomware that targets specific operating systems, this new breed can infiltrate and encrypt files across different platforms simultaneously.
This capability opens up avenues for cybercriminals to unleash widespread chaos and demand hefty ransoms from victims.
Recent Multiple OS Threats: Ransomware and RATs
One such example of multi-OS malware is SysJoker RAT, as highlighted in a VMware report from the previous year. SysJoker RAT, designed to target Windows, Linux, and macOS, demonstrates the potency of cross-platform malware. By leveraging shared code across multiple platforms, attackers can execute commands remotely and deploy additional malicious payloads with ease.
Moreover, last year, India’s nodal agency for computer security-related threats issued a warning to citizens and organizations regarding the emergence of Akira ransomware, a cross OS threat targeting organizations around the globe.
The Union government’s Computer Emergency Response Team-India (CERT-In) issued the critical advisory, stating that the ransomware targeted both Windows and Linux-based operating systems.
The agency informed that the group responsible for the ransomware compromised users via VPN services, particularly when multi-factor authentication wasn’t enabled. Additionally, they deceived users through tools such as AnyDesk, WinRAR, and PC Hunter, to download benign-looking files.
Similarly other malware, RATs, and ransomware can infect multiple operating systems (OS), although they typically target a specific one known to have vulnerabilities.
It accomplishes this by detecting the OS first and then deploying its payload through various wrappers such as PowerShell or Linux bash scripts.
These scripts download the malware into temporary storage and execute it. Additionally, the prevalence of Python or Java installations across systems provides a universal medium for malware interpretation and execution.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
