Crypto

Kaspersky Unveils Powerful Malware Posing as Crypto Miner Infecting Over 1 Million Computers

2 Mins read
Source: Pixabay

Global cybersecurity and digital privacy firm Kaspersky’s researchers have discovered highly sophisticated malware affecting over a million victims since 2017.

The malware – “StripedFly” – initially masqueraded as a cryptocurrency miner and was later found to be a complex multi-functional wormable framework. According to the Kaspersky report published Thursday, StripedFly infected over 1 million Windows and Linux computers for five years.

“It comes equipped with a built-in TOR network tunnel for communication with command servers, along with update and delivery functionality through trusted services such as GitLab, GitHub, and Bitbucket, all using custom encrypted archives.”

Kaspersky researchers discovered the malicious framework last year and noted that the effort in creating the framework was “truly remarkable.”

“In 2022, we came across two unexpected detections within the WININIT.EXE process of an older code which was earlier observed in Equation malware,” the researchers wrote. “Subsequent analysis revealed earlier instances of suspicious code dating back to 2017.”

The malware was wrongly classified as just a Monero cryptocurrency miner and it is unclear whether this was utilized for revenue generation or cyber espionage. Experts maintained that the mining module was the key factor enabling the malware to evade detection for a long period.

The findings further added that the attacker behind the malware has acquired extensive capabilities to spy on victims. The malware “collects a range of sensitive information from all active users,” it added.

It extracts website login usernames and passwords and personal autofill data including name, address, phone number, company, and job title. “It also captures known Wi-Fi network names and the associated passwords,” the report revealed.

StripedFly’s origins remain unknown however further investigations reveal that the malware uses similar techniques as EternalBlue ‘SMBv1’ exploit to infiltrate the victim’s systems.

EternalBlue was leaked in April 2017 and continues to threaten unpatched Windows servers. The infamous exploit was created and used by an NSA hacking group known as the Equation Group.

Kaspersky disclosed that StripedFly was initially detected in April 2016, a year before the EternalBlue detection. In early 2017, Microsoft released a patch for the EternalBlue exploit.

“Created quite some time ago, StripedFly has undoubtedly fulfilled its intended purpose by successfully evading detection over the years. Many high-profile and sophisticated malicious software have been investigated, but this one stands out and truly deserves attention and recognition.”

Read the full article here

Related posts
Crypto

RSS Feed Generator, Create RSS feeds from URL

1 Mins read
RSS Feed Integrations Make your RSS feed work better by integrating with your favorite platforms. Save time by connecting your tools together….
Crypto

What to Expect in January

2 Mins read
Image by Parradee, Adobe Stock The Securities and Exchange Commission (SEC)’s move to start a public comment period for spot Bitcoin (BTC) ETF…
Crypto

Bitcoin Price Prediction as Whales Poised to Push Price Above $40,000 – Will They Succeed?

1 Mins read
As the market opens on December 1, Bitcoin‘s current position reflects a market in contemplation. Trading at $38,150, the foremost cryptocurrency registers…
Get The Latest News

Subscribe to get the top fintech and
finance news and updates.

Leave a Reply

Your email address will not be published. Required fields are marked *