
Fedor Sinitsyn
Articles
-
Sep 23, 2024 |
securelist.com | Dmitry Kalinin | Artem Ushkov | Sherif Magdy | Fedor Sinitsyn
Introduction: We sometimes come across modified applications when analyzing suspicious files. These are created in response to user requests for more customization options within the app or for new features that the official versions don’t have. Unfortunately, it’s not uncommon for popular mods to contain malware. This often happens because they’re distributed on unofficial websites that don’t have any moderation.
-
Sep 20, 2024 |
securelist.com | Sherif Magdy | Fedor Sinitsyn | Yanis Zinchenko | Eduardo Ovalle
In the spring of 2024, posts with real people’s personal data began appearing on the -=TWELVE=- Telegram channel. Soon it was blocked for falling foul of the Telegram terms of service. The group stayed off the radar for several months, but as we investigated a late June 2024 attack, we found that it employed techniques identical to those of Twelve and relied on C2 servers linked to the threat actor. We are therefore confident that the group is still active and will probably soon resurface.
-
Sep 4, 2024 |
securelist.com | Fedor Sinitsyn | Yanis Zinchenko | Anton Kivva | David Emm
Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide. In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the first half of 2024, the malware was still being actively developed, with new versions being released several times a month, while the Mallox RaaS affiliate program advertised on dark web forums was seeking new partners.