Interlock Ransomware Strikes Again: New PHP Trojan Variant Hits the Web

The Interlock ransomware group is getting creative with their malware, now deploying a PHP variant of their remote access trojan. Using a JavaScript traffic distribution system, they lure users with fake CAPTCHA pages and unleash the Interlock RAT. Remember, folks: CAPTCHA might stand for “Can’t Access, Please Try Harder Again.”

Hot Take:
Watch out world, the Interlock ransomware group is back in town with a new trick up their sleeves! This time, they’re not just sticking to their Node.js roots; they’re expanding their horizons with a PHP variant that’s about as welcome as a raccoon in your trash can. It seems the Interlock gang is determined to prove that when it comes to the illegal access game, they’re truly platform-agnostic. So, webmasters, gird your loins and keep your anti-malware tools up to date, because these cyber scalawags are making the rounds!

Key Points:
- Interlock ransomware group introduces a new PHP variant of their RAT.
- Malware campaign involves compromised websites with hidden scripts.
- Fake CAPTCHA pages trick users into running malicious scripts.
- FileFix mechanism exploits Windows File Explorer’s address bar.
- RAT uses Cloudflare Tunnel subdomains for C2 server obfuscation.