Subj : Over a million Windows and Linux systems infected by this tricky To : All From : TechnologyDaily Date : Fri Oct 27 2023 17:30:05 Over a million Windows and Linux systems infected by this tricky new malware Date: Fri, 27 Oct 2023 16:23:52 +0000 Description: StripedFly malware is capable of grabbing screenshots and stealing passwords, but also of running code and mining Monero. FULL STORY ====================================================================== Cybersecurity researchers from Kaspersky have discovered an impressive malware threat hiding in plain sight for half a decade. Called StripedFly, the malwares earliest evidence of activity dates back to 2017, Kaspersky claims, where at one point it was discovered but dismissed as a mere cryptocurrency miner. However, a new investigation has shown that StripedFly is capable of a lot more than just mining cryptocurrency: it can execute commands remotely, grab screenshots and execute shellcodes, steal passwords and other sensitive data, record sounds using the integrated microphone, move to adjacent endpoints using previously stolen credentials, abuse the EternalBlue exploit to worm into other systems, and lastly - mine Monero. Mining Monero In fact, Monero mining is now seen as a diversion attempt, to throw researchers off and prevent them from analyzing the code further. The tactic seems to have worked, as a million devices were allegedly compromised in the meantime. The keyword here is allegedly because even Kaspersky cant know for certain. The only actual data the researchers managed to obtain comes from a Bitbucket repository that delivered the final stage payload, and it shows 220,000 Windows infections since February 2022. Since the repository was created in 2018, earlier data is unavailable. But Kaspersky estimates at least a million infections, especially since StripedFly targets both Windows and Linux endpoints. There is no word on who might be behind this goliath of a platform. Kaspersky doesnt explicitly say if its a state-sponsored player or not, but it does argue that this is most likely the work of an Advanced Persistent Threat (APT) and these are mostly state-sponsored, researchers would agree. "The malware payload encompasses multiple modules, enabling the actor to perform as an APT, as a crypto miner, and even as a ransomware group," Kaspersky says in its report. "Notably, the Monero cryptocurrency mined by this module reached its peak value at $542.33 on January 9, 2018, compared to its 2017 value of around $10. As of 2023, it has maintained a value of approximately $150." "Kaspersky experts emphasize that the mining module is the primary factor enabling the malware to evade detection for an extended period." More from TechRadar Pro This new Linux malware floods machines with cryptominers and DDoS bots Here's a list of the best firewalls today These are the best endpoint protection tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/over-a-million-windows-and-linux-system s-infected-by-this-tricky-new-malware --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .