• Welcome to Peterborough Linux User Group (Canada) Forum.
 

StripedFly malware infects 1 million Windows and Linux hosts (Bleeping Computer)

Started by Jason, October 30, 2023, 03:03:39 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Jason

Security researchers recently discovered malware that's been infecting Windows and Linux hosts over the last five years, although it's believed to be at least 7 years old.

StripedFly is an APT (advanced persistent threat) malware framework containing several modules including a crypto-miner, an SSH client to control other systems, a credential harvester, screenshot capture and a ransomware spreader. Like much malware, it uses techniques to hide its presence and operation including encrypting itself and using TOR to hide its communications. On Windows, it uses Powershell to run its tasks and tailors its operations by the privileges it has. While the principal motivation is unidentified, Kaspersky states:

QuoteThe presence of the Monero crypto miner is considered a diversion attempt, with the primary objectives of the threat actors being data theft and system exploitation facilitated by the other modules.

"The malware payload encompasses multiple modules, enabling the actor to perform as an APT, as a crypto miner, and even as a ransomware group," reads Kaspersky's report.

Securelist has a more detailed write-up and mentions that,

QuoteMany high-profile and sophisticated malicious software have been investigated, but this one stands out and it truly deserves attention and recognition.

Scary stuff. What I find really disconcerting is where Securelist notes,

QuoteWhat was the real purpose? That remains a mystery. While ThunderCrypt ransomware suggests a commercial motive for its authors, it raises the question of why they didn't opt for the potentially more lucrative path instead. The prevailing narrative often centers around ransomware actors collecting anonymous ransoms, but this case seems to defy the norm.

Antimalware software on Windows will detect this virus and remove it. I'm still trying to figure out how you can detect its presence in Linux. If I find out, I'll add it to this thread. MG has details on how to do it manually (see the sources). MG also lists tips on how to avoid getting infected by malware which are probably familiar to most of us here but a reminder can't hurt.

Sources:
Bleeping Computer
Securelist
MG
* Zorin OS 17.1 Core and Windows 11 Pro on a Dell Precision 3630 Tower with an
i5-8600 3.1 GHz 6-core processor, dual 22" displays, 16 GB of RAM, 512 GB Nvme and a Geforce 1060 6 GB card
* Motorola Edge (2022) phone with Android 13