Malware, Ransomware, Security Staff Acquisition & Development
Widespread StripedFly malware framework compromise reported in Windows, Linux systems
More than a million Windows and Linux systems have been compromised by the sophisticated StripedFly malware framework between 2017 and 2022, according to BleepingComputer.
Aside from having advanced mechanisms for hiding TOR-based traffic and automated updates, StripedFly also included worm functionality and a custom exploit for an EternalBlue SMBv1 flaw, a report from Kaspersky revealed.
Attacks with StripedFly targeted Windows' WININIT.EXE process to inject shellcode that facilitates the execution of additional files, which would trigger the final payload. Malware modules distributed by StripedFly, which has been associated with ThunderCrypt ransomware, enabled encrypted malware configuration storage, update management, reverse proxies, sensitive data scanning and exfiltration, repeatable tasks, command execution, and Monero mining, as well as the utilization of exfiltrated SSH credentials and the EternalBlue exploit to allow further system compromise.
"The malware payload encompasses multiple modules, enabling the actor to perform as an APT, as a crypto miner, and even as a ransomware group... Kaspersky experts emphasize that the mining module is the primary factor enabling the malware to evade detection for an extended period," said researchers.
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
AdwareYou can skip this ad in 5 seconds