StripedFly, a sophisticated spy miner that managed to infect more than a million Windows and Linux devices, has been discovered.

The source of the initial infection remained unknown for a long time

Kaspersky Lab experts have discovered a previously unknown and extremely sophisticated malicious attack called StripedFly. According to the company's press service, more than a million users around the world have fallen victim to it since 2017; it is still ongoing, although less actively.

For a long time, the malware was assumed to be an ordinary crypto miner, but it later turned out to be a complex program built on a multifunctional framework.

Its many modules allow attackers to use it as part of APT attacks, as a crypto miner, or even as ransomware. Accordingly, the list of possible motives for the attackers expands significantly, from financial gain to espionage. Kaspersky Lab experts emphasized that the mining module is the key reason the malware could not be fully detected for a long time.

As it turns out, the attackers have many opportunities to covertly spy on victims. The malware collects credentials every two hours: these can be logins and passwords used to log into a website or connect to Wi-Fi, or a person's personal data, including name, address, phone number, place of work, and position. In addition, the malware can quietly take screenshots from the victim's device, gain full control over it, and even record voice data from the microphone.

The source of the initial computer infection remained unknown for a long time. Further research by Kaspersky Lab showed that the attackers use their own implementation of the EternalBlue SMBv1 exploit for this purpose. The EternalBlue vulnerability was discovered back in 2017, after which Microsoft released a fix (MS17-010). However, the threat is still relevant because not all users update their systems.