Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024
  • Security & Privacy News

    Over a million Windows and Linux systems infected by this tricky new malware

    aum

    By aum,
    Published Date:

    • 435 views
    • 2 minutes
     Share
    • 435 views
    • 2 minutes

    Cybersecurity researchers from Kaspersky have discovered an “impressive” malware threat hiding in plain sight for half a decade.

     

    Called StripedFly, the malware’s earliest evidence of activity dates back to 2017, Kaspersky claims, where at one point it was discovered but dismissed as a “mere” cryptocurrency miner. 

     

    However, a new investigation has shown that StripedFly is capable of a lot more than just mining cryptocurrency: it can execute commands remotely, grab screenshots and execute shellcodes, steal passwords and other sensitive data, record sounds using the integrated microphone, move to adjacent endpoints using previously stolen credentials, abuse the EternalBlue exploit to worm into other systems, and lastly - mine Monero.


    Mining Monero


    In fact, Monero mining is now seen as a diversion attempt, to throw researchers off and prevent them from analyzing the code further.

     

    The tactic seems to have worked, as a million devices were allegedly compromised in the meantime. The keyword here is “allegedly” because even Kaspersky can’t know for certain. The only actual data the researchers managed to obtain comes from a Bitbucket repository that delivered the final stage payload, and it shows 220,000 Windows infections since February 2022. Since the repository was created in 2018, earlier data is unavailable. But Kaspersky estimates at least a million infections, especially since StripedFly targets both Windows and Linux endpoints.

     

    There is no word on who might be behind this goliath of a platform. Kaspersky doesn’t explicitly say if it’s a state-sponsored player or not, but it does argue that this is most likely the work of an Advanced Persistent Threat (APT) and these are mostly state-sponsored, researchers would agree.

     

    "The malware payload encompasses multiple modules, enabling the actor to perform as an APT, as a crypto miner, and even as a ransomware group," Kaspersky says in its report.

     

    "Notably, the Monero cryptocurrency mined by this module reached its peak value at $542.33 on January 9, 2018, compared to its 2017 value of around $10. As of 2023, it has maintained a value of approximately $150."

     

    "Kaspersky experts emphasize that the mining module is the primary factor enabling the malware to evade detection for an extended period."

     

    Source

    • Adenman, Karlston and phen0men4
    • Like 3
     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...