Kaspersky Uncovers Sophisticated Malware Threat Persisting for Five Years
Cybersecurity researchers at Kaspersky have made a remarkable discovery, uncovering a highly sophisticated malware threat that has been hiding in plain sight for over five years. Known as StripedFly, the malware’s earliest traces of activity date back to 2017, although it was initially dismissed as a mere cryptocurrency miner.
However, upon further investigation, Kaspersky has found that StripedFly is far more advanced than previously believed. This malware can remotely execute commands, capture screenshots, steal sensitive data and passwords, record audio using the device’s microphone, spread to adjacent systems using stolen credentials, exploit the EternalBlue vulnerability to infiltrate other networks, and, last but not least, mine the popular cryptocurrency Monero.
Interestingly, the Monero mining function appears to be a diversion tactic employed by the malware’s creators to obfuscate their true intentions and deter researchers from performing a thorough analysis of the code. This strategy seems to have been successful, as an estimated one million devices have fallen victim to the malware. It’s important to note that the exact number of compromised devices is uncertain, as Kaspersky has only obtained verified data from a Bitbucket repository that dates back to February 2022, documenting 220,000 Windows infections. However, given that the repository was created in 2018, the total number of infections likely exceeds one million, especially since StripedFly targets both Windows and Linux endpoints.
The identity of the individuals or group behind this widespread malware campaign remains unknown. While Kaspersky does not explicitly state whether it is a state-sponsored actor, the cybersecurity firm suggests that this operation is most likely the work of an Advanced Persistent Threat (APT), a type of cyberattack typically associated with state-sponsored actors.
In its report, Kaspersky highlights the multifunctionality of the malware, noting that it can operate as an APT tool, a crypto miner, and even as ransomware. The report also points out the significance of the Monero mining module as the primary factor enabling StripedFly to elude detection for such an extended period.
On January 9, 2018, Monero, the cryptocurrency mined by this module, reached its peak value of $542.33, a substantial increase compared to its value of around $10 in 2017. Since then, Monero has maintained a stable value of approximately $150.
The experts at Kaspersky emphasize the importance of the mining module as a key factor in the malware’s ability to evade detection for such a prolonged duration.
As the investigation into StripedFly continues, security experts and organizations are urged to remain vigilant and take appropriate measures to protect their systems from this persistent and sophisticated threat.
Source: TechRadar Pro

I have over 10 years of experience in the cryptocurrency industry and I have been on the list of the top authors on LinkedIn for the past 5 years. I have a wealth of knowledge to share with my readers, and my goal is to help them navigate the ever-changing world of cryptocurrencies.