Net scum have figured out that crims like meaty upgrades on a short release cycle
Net scum behind the ransomware upstart CryptXXX have parried white hat attacks and released a new and as-yet-uncracked malware variant that can encrypt network shares, and steal account logins.
The modular malware menace uses StillerX to plunder account credentials from a host of software including Cisco VPNs, Microsoft Credential Manager, and online poker platforms.
Browser data including history, cookies, and stored credentials are hoovered up along with email, instant messaging, and remote administration software logins.
"CryptXXX has become quite widespread, especially with a number of TeslaCrypt actors shifting operations to CryptXXX recently," Proofpoint malware wonks say, adding that "… this new version of CryptXXX was capable of finding shared resources on the network, enumerating files in every shared directory, and encrypting them one by one."
Kaspersky busted the last CryptXXX variant releasing a decryption tool to help victims rescue their files for free.
That effort was thanks to the similarities between the malware and the already-cracked Rannoh ransomware.