Researchers at the global cybersecurity and digital privacy firm Kaspersky have discovered a highly sophisticated piece of malware that has affected over a million victims since 2017.
The malware, dubbed “StripedFly”, initially masqueraded as a cryptocurrency miner and was later found to be a complex, multi-functional wormable framework. According to the Kaspersky report published Thursday, StripedFly infected over 1 million Windows and Linux computers over a span of five years.
“It comes equipped with a built-in TOR network tunnel for communication with command servers, along with update and delivery functionality through trusted services such as GitLab, GitHub, and Bitbucket, all using custom encrypted archives.”
Kaspersky researchers discovered the malicious framework last year and noted that the effort in creating the framework was “truly remarkable.”
“In 2022, we came across two unexpected detections within the WININIT.EXE process of an older code which was earlier observed in Equation malware,” the researchers wrote. “Subsequent analysis revealed earlier instances of suspicious code dating back to 2017.”
The malware was wrongly classified as a mere Monero cryptocurrency miner, and it remains unclear whether the framework was used for revenue generation or for cyber espionage. The researchers maintained that the mining module was the key factor enabling the malware to evade detection for such a long period.
The report further notes that the malware gives the attacker behind it extensive capabilities to spy on victims: it “collects a range of sensitive information from all active users.”
It extracts website login usernames and passwords, as well as personal autofill data including name, address, phone number, company, and job title. “It also captures known Wi-Fi network
Read more on cryptonews.com