8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader

8Base ransomware threat actors are using a variant of Phobos ransomware in financially motivated attacks, according to Cisco Talos. Most of the group’s Phobos variants are distributed by SmokeLoader, a backdoor trojan. In 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. Phobos, first emerged in 2019, is an evolution of the Dharma ransomware and is sold as a ransomware-as-a-service (RaaS) to affiliates.