Summary: Trend Micro reports that newly identified versions of the Albabat ransomware are now configured to target Windows, Linux, and macOS systems, with capabilities to retrieve components from a private GitHub repository. Active since 2023, Albabat utilizes advanced techniques to evade detection and shares infrastructure details that indicate its ongoing development. The ransomware not only encrypts files but also exfiltrates sensitive data to a remote PostgreSQL database for tracking and ransom demands.
Affected: Albabat ransomware targets Windows, Linux, and macOS systems
Keypoints:
- Albabat ransomware, also known as White Bat, has expanded its target range to all major desktop platforms.
- The ransomware retrieves configuration files from a private GitHub repository using an authentication token.
- Current versions can encrypt files and steal data, with configuration files indicating the potential for future updates.
Source: https://www.securityweek.com/albabat-ransomware-expands-targets-abuses-github/