Mango is malware first detected in an executable named BOOSTWRITE, which was uploaded to VirusTotal on October 3. The binary was Authenticode-signed with a code-signing certificate issued to MANGO ENTERPRISE LIMITED, which indicates that the operators were relying on a valid signature to get past signature- and reputation-based defenses rather than shipping an unsigned payload. A timestamp anomaly between the certificate's validity window and the PE compilation timestamp of BOOSTWRITE was later documented in a blog post by David Cannings; inconsistencies of that kind are a useful pivot when deciding whether a signed binary deserves the trust its signature implies.
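The comparison mentioned above, between a PE file's compile timestamp and the validity window of the certificate that signed it, is easy to automate. The following is an added example, not code from the original page or from the cited blog post: it reads the COFF TimeDateStamp straight from the PE header and checks it against certificate NotBefore/NotAfter values and an Authenticode signing time. The certificate dates and the stub PE bytes are constructed for illustration, not the real BOOSTWRITE values; in practice you would pull the signer certificate and signing time with a tool such as osslsigncode or pefile plus the cryptography library and feed them in.

```python
import struct
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# COFF file header layout: Machine, NumberOfSections, TimeDateStamp,
# PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_HEADER = "<HHIIIHH"


def pe_compile_time(data: bytes) -> Optional[datetime]:
    """Return the COFF TimeDateStamp of a PE image as a UTC datetime.

    Returns None when the stamp is zero, which is what stripped or
    reproducible builds carry; a zeroed stamp cannot be compared but is
    itself worth recording.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, _, stamp, *_ = struct.unpack_from(COFF_HEADER, data, e_lfanew + 4)
    if stamp == 0:
        return None
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def timestamp_anomalies(compile_time: Optional[datetime], not_before: datetime,
                        not_after: datetime, signing_time: Optional[datetime] = None,
                        fresh_cert_days: int = 30) -> List[str]:
    """Compare the compile stamp with the signer certificate's validity window
    (and, when known, the Authenticode signing time). Returns human-readable findings."""
    findings: List[str] = []
    if compile_time is None:
        return ["TimeDateStamp is zero: stripped or reproducible build, nothing to compare"]
    if compile_time > not_after:
        # A binary claiming to be built after the certificate expired cannot have
        # been signed with it during its validity period.
        findings.append("compile timestamp is later than certificate NotAfter")
    age = compile_time - not_before
    if timedelta(0) <= age <= timedelta(days=fresh_cert_days):
        # Soft indicator: a certificate obtained shortly before the build is a
        # common pattern when a cert is acquired just for one campaign.
        findings.append(f"certificate issued {age.days} days before build")
    if signing_time is not None:
        if signing_time < compile_time:
            findings.append("signing time precedes compile timestamp")
        if not (not_before <= signing_time <= not_after):
            findings.append("signing time falls outside certificate validity")
    return findings


def build_stub_pe(stamp: int) -> bytes:
    """Constructed minimal MZ/PE/COFF header, enough for pe_compile_time; not a loadable image."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew: PE signature right after DOS header
    coff = struct.pack(COFF_HEADER, 0x8664, 1, stamp, 0, 0, 0, 0x22)
    return bytes(dos) + b"PE\0\0" + coff


# Constructed sample values (hypothetical; not the real BOOSTWRITE or certificate data).
SAMPLE_COMPILE_TIME = datetime(2019, 9, 28, 12, tzinfo=timezone.utc)
SAMPLE_PE = build_stub_pe(int(SAMPLE_COMPILE_TIME.timestamp()))
CERT_NOT_BEFORE = datetime(2019, 9, 20, tzinfo=timezone.utc)
CERT_NOT_AFTER = datetime(2020, 9, 20, tzinfo=timezone.utc)
SIGNING_TIME = datetime(2019, 9, 27, tzinfo=timezone.utc)   # a day before the compile stamp


def analyze_sample() -> List[str]:
    """Run the check over the constructed sample; returns two findings."""
    return timestamp_anomalies(pe_compile_time(SAMPLE_PE), CERT_NOT_BEFORE,
                               CERT_NOT_AFTER, SIGNING_TIME)


if __name__ == "__main__":
    for finding in analyze_sample():
        print("-", finding)
```

The compile stamp is attacker-controlled (it can be zeroed, backdated, or set to a hash by reproducible-build toolchains), so a mismatch is a lead to pivot on, not proof by itself; the signing time inside the Authenticode blob and the certificate's validity dates are the harder-to-forge side of the comparison.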
Beyond BOOSTWRITE, the Mango name has also been attached to malicious Chrome extensions and to TrickBot, a modular trojan widely used to deliver ransomware. Two members of the gang behind TrickBot, Mikhail Tsarev (alias Mango) and Maksim Galochkin (alias Bentley), have recently been placed under new European sanctions. In that context Mango is an individual's handle rather than a malware family, so the shared name should not be read as evidence of a single actor or toolset; the sanctions do, however, show the international scope of the activity and the concerted effort being made to disrupt it.
In a separate matter that shares only the name, the Solana-based decentralized finance platform Mango Markets has been contending with allegations of securities-law violations brought by the U.S. Securities and Exchange Commission (SEC). Following a significant exploit of the platform, it has been considering a settlement with the SEC. William Frentzen, a former government prosecutor experienced in pursuing hackers, had previously helped recover funds stolen in the $110 million fraud case at Mango Markets. The situation illustrates the combined technical and regulatory exposure that digital asset platforms and financial markets now face.
Description last updated: 2024-10-17T12:59:41.994Z