Xollam is ransomware belonging to the TargetCompany family, a group whose variants have also been tracked under the names Tohnichi, Fargo, and Mallox, with Xollam the newest of them. The group has seen a surge in activity, exploiting exposed systems and causing significant damage. Like most ransomware, Xollam reaches systems through malicious downloads, email attachments, or compromised websites, usually without the user noticing. Once inside, it can exfiltrate data, disrupt operations, and encrypt files to hold them for ransom. Xollam is linked to the Mallox threat actor, which is also tied to other ransomware strains.
The emergence of Xollam fits a broader wave of new ransomware families and groups entering the market, among them 8Base, Big Head, CryptNet, and the wider Mallox family. In an evolution of the threat, Xollam has been observed using a fully undetectable (FUD) obfuscator engine called BatCloak to deliver remote access trojans such as Remcos RAT onto vulnerable systems. Because the obfuscated loader evades signature-based antivirus, the RAT can keep a stealthy foothold on the targeted network, significantly increasing the potential harm.
In a further departure from the norm, Xollam has been observed using malicious OneNote file attachments for initial access, a vector detailed by Trend Micro last month. OneNote pages can carry embedded executables and scripts that run when a user clicks a lure placed over them, so attachments of this type deserve the same scrutiny as macro-enabled Office documents. As malware continues to evolve and adapt, so must defenses, which is why continuous monitoring and proactive security controls remain essential.
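The following added example, which is not part of the original description and not code from Trend Micro or the Xollam authors, shows the kind of check a mail gateway or triage script can run on a OneNote attachment: it walks the FileDataStoreObject structures that OneNote uses to store embedded files (layout and GUIDs from Microsoft's MS-ONESTORE specification) and flags any embedded PE or script dropper. The sample .one buffer, the script keyword list, and the padding tolerance after each object are constructed assumptions for illustration.

```python
"""Scan a OneNote (.one) buffer for embedded file objects and flag executable payloads.

Added example, not from the original page. Structure layout follows MS-ONESTORE;
the sample file and the payload classifier are constructed here for illustration.
"""
import struct

# OneNote .one file-type GUID {7B5C52E4-D88C-4DA7-AEB1-5378D02996D3}, little-endian on disk
ONE_FILE_GUID = bytes.fromhex("e4525c7b8cd8a74daeb15378d02996d3")
# FileDataStoreObject header {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC} and footer
# {71FBA722-0F79-4A0B-BB13-899256426B24} GUIDs that bracket every embedded file
FDSO_HEADER = bytes.fromhex("e716e3bd65261145a4c48d4d0b7a9eac")
FDSO_FOOTER = bytes.fromhex("22a7fb71790f0b4abb13899256426b24")
# guidHeader(16) + cbLength(8) + unused(4) + reserved(8) precede the file bytes
FDSO_HDR_LEN = 36

# Heuristic markers for script droppers; this list is an assumption, not a vetted signature set
SCRIPT_MARKERS = (b"@echo off", b"powershell", b"cmd.exe", b"wscript", b"cscript",
                  b"createobject(", b"mshta", b"<script")


def is_onenote(data: bytes) -> bool:
    """True if the buffer starts with the .one file-type GUID."""
    return data[:16] == ONE_FILE_GUID


def classify(payload: bytes) -> str:
    """Coarse type of an embedded payload from magic bytes and script keywords."""
    if payload[:2] == b"MZ":
        return "pe"
    if payload[:8] == b"\x89PNG\r\n\x1a\n":
        return "png"
    if payload[:4] == b"%PDF":
        return "pdf"
    head = payload[:4096].lower()
    if any(marker in head for marker in SCRIPT_MARKERS):
        return "script"
    return "unknown"


def extract_embedded_files(data: bytes) -> list:
    """Return one record per FileDataStoreObject found in the buffer.

    Each record carries the object offset, declared size, payload type and whether
    the footer GUID sits where the declared length says it should.
    """
    records = []
    pos = 0
    while True:
        idx = data.find(FDSO_HEADER, pos)
        if idx < 0 or idx + FDSO_HDR_LEN > len(data):
            break
        (length,) = struct.unpack_from("<Q", data, idx + 16)
        start = idx + FDSO_HDR_LEN
        end = start + length
        if end > len(data):
            # Declared length runs past the buffer: corrupt or deliberately malformed object
            records.append({"offset": idx, "size": length, "kind": "truncated", "footer_ok": False})
            break
        payload = data[start:end]
        # Footer should follow the payload; a few bytes of alignment padding are tolerated (assumption)
        footer_ok = FDSO_FOOTER in data[end:end + 24]
        records.append({"offset": idx, "size": length, "kind": classify(payload),
                        "footer_ok": footer_ok, "payload": payload})
        pos = end if footer_ok else idx + 16
    return records


def suspicious_objects(data: bytes) -> list:
    """Records worth blocking or detonating: PE files, script droppers and malformed objects."""
    return [r for r in extract_embedded_files(data) if r["kind"] in ("pe", "script", "truncated")]


def build_fdso(payload: bytes) -> bytes:
    """Wrap a payload in a FileDataStoreObject; used only to build the constructed sample."""
    return FDSO_HEADER + struct.pack("<Q", len(payload)) + b"\x00" * 12 + payload + FDSO_FOOTER


# Constructed sample .one buffer: a benign PNG, a batch dropper and a PE stub with filler between
SAMPLE_ONE = (
    ONE_FILE_GUID + b"\x00" * 48
    + build_fdso(b"\x89PNG\r\n\x1a\n" + b"\x00" * 24) + b"\x00" * 8
    + build_fdso(b"@echo off\r\nstart /min powershell -File stage2.ps1\r\n") + b"\x00" * 8
    + build_fdso(b"MZ" + b"\x90" * 62)
)

if __name__ == "__main__":
    if is_onenote(SAMPLE_ONE):
        for rec in extract_embedded_files(SAMPLE_ONE):
            print(f"offset=0x{rec['offset']:x} size={rec['size']} kind={rec['kind']} footer_ok={rec['footer_ok']}")
    print("suspicious:", [r["kind"] for r in suspicious_objects(SAMPLE_ONE)])
```

Running the script on the constructed sample reports three embedded objects and flags the batch dropper and the PE stub; a real gateway would quarantine the attachment or detonate the extracted payloads rather than rely on the keyword heuristic alone, and a declared length that overruns the file is itself a reason to reject the attachment.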
Description last updated: 2024-05-04T20:56:02.981Z