Cybersecurity researchers have identified a new Golang-based backdoor which uses Telegram for command-and-control communications, thought to be of Russian origin. Once launched, the malware checks its location and if different, moves its own content accordingly, launching a copied version. It uses an open-source library for Golang Telegram Bot API bindings for command-and-control purposes. The malware can execute commands via PowerShell, relaunch itself and, in future, potentially capture screenshots.

Decrypting Linux/ESXi Akira Ransomware Files Without Paying Ransomware
A cybersecurity researcher has decrypted the Linux/ESXI variant of Akira ransomware, allowing data recovery without ransom. The method exploits a flaw in the malware’s encryption