More than a million PCs infected: this malware remained invisible for 5 years


Researchers from the cybersecurity company Kaspersky have found malware that stayed well hidden for 5 years. By posing as a cryptocurrency miner it went unnoticed, infecting at least 1 million PCs running Windows and Linux.


You are starting to know malware well. Unfortunately, it is so widespread that we talk to you about it regularly. And the least we can say is that the attackers show imagination when it comes to giving it shape. This one is a fake Windows update, and this one is an outright infected version of the entire Microsoft operating system. StripedFly, the short name of the malicious program in question today, is even more devious. It hid under a cryptocurrency miner and thus escaped cybersecurity solutions for 5 years.

The experts from Kaspersky, however, managed to spot it recently. According to their estimates, StripedFly is present on over a million Windows PCs and Linux systems. The infection is thought to have taken place around 2016 or 2017 through exploitation of the EternalBlue flaw, very popular among hackers at the time. The malware is impressive, according to the researchers: it integrates network-based mechanisms to hide its traffic, updates itself automatically via legitimate platforms such as GitHub, and spreads to other machines undetected.

StripedFly malware hid under cryptocurrency miner, infected 1 million PCs

On Windows, the malware adapts its behavior depending on the rights it obtains and on the presence or absence of PowerShell, which is used in particular to run commands. If PowerShell is present, it runs scripts to create scheduled tasks or modify Windows registry keys. Without PowerShell, it creates a hidden file in the %APPDATA% folder. Remotely, the attacker can add modules to StripedFly, which then becomes capable of many things on the infected computer.


In bulk, the malware can take screenshots, search for and collect data such as identifiers and passwords, initiate actions such as turning on and recording from the microphone, and mine the Monero cryptocurrency by disguising itself as a “chrome.exe” process… Kaspersky also insists that it is this mining module which allowed StripedFly to stay under the radar for so long.
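Two of the behaviors described above, a miner hiding behind the name “chrome.exe” and persistence through scheduled tasks that launch PowerShell, can be checked from a defender's side. The script below is an added example written for this article, not code from Kaspersky's report or the malware itself; it assumes that legitimate Chrome is installed in one of the default directories listed, and it knows nothing about the actual task names StripedFly uses, so anything it returns is a lead to review, not a verdict.

```powershell
# Added example: hunt for a process using the name "chrome.exe" from an unexpected path.
# Assumption: legitimate Chrome lives under one of these default install directories.
$expectedRoots = @(
    "$env:ProgramFiles\Google\Chrome\Application",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application",
    "$env:LOCALAPPDATA\Google\Chrome\Application"
)

function Find-SuspiciousChrome {
    # Win32_Process exposes the on-disk image path; renaming a binary does not change it.
    Get-CimInstance Win32_Process -Filter "Name = 'chrome.exe'" | ForEach-Object {
        $path = $_.ExecutablePath
        $legit = $false
        foreach ($root in $expectedRoots) {
            if ($path -and $path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                $legit = $true
            }
        }
        if (-not $legit) {
            [pscustomobject]@{
                ProcessId   = $_.ProcessId
                Path        = $path   # $null means access was denied (run elevated) or the image is gone
                CommandLine = $_.CommandLine
                CpuSeconds  = (Get-Process -Id $_.ProcessId -ErrorAction SilentlyContinue).CPU
            }
        }
    }
}

function Find-PowerShellTasks {
    # Scheduled tasks whose action starts PowerShell: the persistence route the article describes.
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if ($action.Execute -match 'powershell|pwsh') {
                [pscustomobject]@{
                    TaskPath  = $task.TaskPath
                    TaskName  = $task.TaskName
                    Execute   = $action.Execute
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

Find-SuspiciousChrome | Format-Table -AutoSize
Find-PowerShellTasks  | Format-Table -AutoSize
```

A sustained high CpuSeconds value on a chrome.exe that lives outside the Chrome directories is the pattern a hidden miner would produce; legitimate tasks that launch PowerShell (for instance vendor updaters) will also appear in the second list and need to be compared against a known baseline.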

Source: Bleeping Computer
