Cybersecurity researcher and malware hunter JAMESWT: The link in the message points to a URL from which it downloads an exe: the malware.
Hello XD now deploys a backdoor. Palo Alto Unit 42 cybersecurity experts: It allows an attacker to browse the file system, upload and download files, execute commands, and remove itself from the system.
Hello XD now deploys a backdoor, as reported by Palo Alto Unit 42 cybersecurity experts. The ransomware family, whose core functionality closely resembles the leaked Babuk/Babyk source code, uses this new component to let an attacker browse the file system, upload and download files, execute commands, and remove itself from the system. Researchers believe this was likely done to monitor the progress of the malware and maintain an additional foothold in compromised systems. Furthermore, the ransomware creates an ID for the victim, which must be sent to the threat actor so that the victim can be identified and provided with a decryptor. The ransom note also instructs victims to download Tox and provides a Tox Chat ID for reaching the threat actor.
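The Tox contact channel in the ransom note is a useful triage indicator for responders. The following added example (it is not code from the article, from Unit 42, or from the malware) scans note text for Tox IDs and checks them structurally. It assumes the public Tox address format, 32-byte public key plus 4-byte nospam plus a 2-byte checksum that is the byte-wise alternating XOR of the first 36 bytes, rendered as 76 hex characters. The sample note and sample ID are constructed for illustration and are not a real Hello XD note or a real contact ID.

```python
"""Ransom-note triage helper: find checksum-valid Tox IDs in note text.

Added example, not part of the original article. Assumes the Tox ID layout
(32-byte public key + 4-byte nospam + 2-byte checksum = 76 hex characters).
"""
import re
from typing import Dict, List

# A Tox ID is 38 bytes shown as 76 hex characters; lookarounds keep us from
# matching a slice of a longer hex blob such as an embedded hash.
TOX_ID_RE = re.compile(r"(?<![0-9A-Fa-f])[0-9A-Fa-f]{76}(?![0-9A-Fa-f])")


def tox_checksum(data36: bytes) -> bytes:
    """Tox address checksum: XOR the 36 key+nospam bytes into 2 bytes, alternating."""
    check = bytearray(2)
    for i, b in enumerate(data36):
        check[i % 2] ^= b
    return bytes(check)


def tox_id_valid(candidate: str) -> bool:
    """True if a 76-hex-char string carries a correct Tox checksum."""
    raw = bytes.fromhex(candidate)
    return len(raw) == 38 and tox_checksum(raw[:36]) == raw[36:]


def extract_tox_ids(text: str) -> List[str]:
    """Return checksum-valid Tox IDs found in the text, uppercased, first-seen order."""
    found: List[str] = []
    for match in TOX_ID_RE.finditer(text):
        cand = match.group(0).upper()
        if tox_id_valid(cand) and cand not in found:
            found.append(cand)
    return found


def triage_note(text: str) -> Dict[str, object]:
    """Summarise the note indicators the article mentions: a Tox channel and an ID to send."""
    ids = extract_tox_ids(text)
    return {
        "mentions_tox": bool(re.search(r"\btox\b", text, re.IGNORECASE)),
        "asks_for_victim_id": bool(re.search(r"\byour id\b", text, re.IGNORECASE)),
        "tox_ids": ids,
        "looks_like_tox_contact_note": bool(ids),
    }


# --- constructed sample data (hypothetical; not a real note or real Tox ID) ---
def build_sample_tox_id(pubkey: bytes, nospam: bytes) -> str:
    """Assemble a syntactically valid Tox ID from a 32-byte key and a 4-byte nospam."""
    data = pubkey + nospam
    return (data + tox_checksum(data)).hex().upper()


SAMPLE_TOX_ID = build_sample_tox_id(bytes(range(1, 33)), b"\xa1\xb2\xc3\xd4")
SAMPLE_NOTE = (
    "Your files have been encrypted.\n"
    "Download Tox and contact us at: " + SAMPLE_TOX_ID + "\n"
    "Send your ID in the first message to receive a decryptor.\n"
)

if __name__ == "__main__":
    print(triage_note(SAMPLE_NOTE))
```

The checksum test rejects random 76-character hex strings (file hashes, keys) that would otherwise be false positives, so the extractor can be run over a whole directory of recovered notes or dropped text files with little noise.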