Qilin Ransomware Targets Windows via Linux Binaries

The Qilin ransomware group has been using Linux binaries on Windows systems to evade detection and disable defenses. This cross-platform attack method involves deploying ransomware through legitimate remote management tools like WinSCP and Splashtop Remote. The attackers also steal Veeam backup credentials to block recovery options. This sophisticated tactic has made Qilin one of the most active RaaS groups in 2025, with over 40 victims monthly and a peak of 100 in June. The group relies on global bulletproof hosting networks to support its operations.

Latest mentioned: 10-27

Earliest mentioned: 10-24

Sources

securityonline.info thehackernews.com gbhackers.com securityaffairs.com cybersum.net

Also Read

Android Backdoor Baohuo: 58K Devices Infected via Fake Telegram X

Security researchers at Doctor Web have uncovered a sophisticated Android backdoor, Android.Backdoor.Baohuo.1.origin, disguised as Telegram X. This malware grants cybercriminals complete control over victims’ accounts and devices, affecting over 58,000 devices globally. The backdoor spreads through malicious websites and third-party app stores, using unprecedented control mechanisms via Redis database integration. It can steal credentials, chat histories, and personal data, while concealing evidence of compromise. The malware operates through three distinct modification variants, ensuring full functionality to prevent user suspicion. Doctor Web’s analysis reveals that the attack is tailored for specific markets, with the potential to expand to additional regions.

10-24Read more →