Faust is the latest addition to the Phobos family, which includes Eking, Eight, Elbie, Devos, and 8Base. Active since 2022, Faust does not target specific industries or regions. The attack chain starts with an XLAM document that downloads Base64-encoded data from Gitea, saving a harmless XLSX file while stealthily retrieving an executable masquerading as an AVG AntiVirus updater. This binary functions as a downloader to fetch and launch another executable named “SmartScreen Defender Windows.exe,” initiating the encryption process through a fileless attack.
New ransomware families like Albabat (aka White Bat), Kasseika, Kuiper, Mimus, and NONAME have gained traction. Albabat, a Rust-based malware, is distributed as fraudulent software, including a fake Windows 10 digital activation tool and a cheat program for Counter-Strike 2. Kuiper, a Golang-based ransomware attributed to a threat actor named RobinHood, targets Windows, Linux, and macOS. NONAME’s data leak site imitates the LockBit group, suggesting a possible connection.
Ransomware actors are increasingly using TeamViewer as an initial access vector, deploying encryptors based on the LockBit ransomware builder. LockBit 3.0 has also been distributed as Microsoft Word files disguised as resumes targeting entities in South Korea.
Source: The Hacker News
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.