Albabat ransomware group potentially expands targets to multiple OS, uses GitHub to streamline operations

Intel Name: Albabat ransomware group potentially expands targets to multiple OS, uses GitHub to streamline operations

Date of Scan: March 24, 2025

Impact: High

Summary:
The financially motivated Albabat ransomware group has resurfaced with new versions. Our threat-hunting team recently identified versions 2.0.0 and 2.5, which target Windows while also collecting system and hardware data from Linux and macOS. Previously undetected variants were also discovered; these retrieve their configuration data via the GitHub REST API, using a “User-Agent” string labeled “Awesome App.” This configuration contains critical details about the ransomware’s behavior and operations.
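
As an added example (not part of the original report), here is a small detection pass over web-proxy logs for the behavior described above: GitHub REST API requests that carry the "Awesome App" User-Agent. The log layout, sample lines, IP addresses and repository paths are constructed assumptions, and `api.github.com` is used as the GitHub REST API host.

```python
import re
from collections import defaultdict

# Indicators from the summary: GitHub REST API traffic with this User-Agent.
GITHUB_API_HOST = "api.github.com"
SUSPECT_UA = "awesome app"  # compared case-insensitively, whitespace-trimmed

# Assumed log layout (constructed for this example):
#   <timestamp> <client_ip> <method> <url> "<user-agent>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+'
    r'https?://(?P<host>[^/\s:]+)(?::\d+)?(?P<path>/\S*)?\s+"(?P<ua>[^"]*)"$'
)

# Constructed sample lines; IPs are documentation ranges, and the
# repository paths are placeholders, not values from the report.
SAMPLE_LOG = """\
2025-03-24T10:00:01Z 192.0.2.10 GET https://api.github.com/repos/example-org/example-repo/contents/config.json "Awesome App"
2025-03-24T10:00:05Z 192.0.2.11 GET https://api.github.com/user "git/2.43.0"
2025-03-24T10:01:12Z 192.0.2.10 GET https://api.github.com/repos/example-org/example-repo/contents/config.json "awesome app"
2025-03-24T10:02:00Z 192.0.2.12 GET https://example.com/index.html "Awesome App"
this line is malformed and must be skipped
2025-03-24T10:03:30Z 192.0.2.13 GET https://API.GITHUB.COM:443/rate_limit "Awesome App "
"""

def find_suspect_requests(log_text):
    """Return {client_ip: [(timestamp, path), ...]} for matching requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip it rather than abort the scan
        host = m.group("host").lower().rstrip(".")
        ua = m.group("ua").strip().lower()
        # Require both indicators together: the UA alone or the host alone
        # is too common to be meaningful.
        if host == GITHUB_API_HOST and ua == SUSPECT_UA:
            hits[m.group("src")].append((m.group("ts"), m.group("path") or "/"))
    return dict(hits)

if __name__ == "__main__":
    for src, reqs in sorted(find_suspect_requests(SAMPLE_LOG).items()):
        print(f"{src}: {len(reqs)} request(s)")
        for ts, path in reqs:
            print(f"  {ts} {path}")
```

A User-Agent value is trivially changed by the sender, so a match is a lead for triage on the source host rather than a verdict, and the absence of matches does not rule out infection.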
