October 27, 2023 at 10:43AM
Cybersecurity firm Kaspersky has warned about a highly advanced piece of malware named StripedFly that has infected over one million devices over the past five years. The threat is built as a modular framework and can target both Windows and Linux systems. It communicates with its command-and-control server through a built-in Tor network tunnel, and it updates and delivers its components through trusted services such as Bitbucket, GitLab, and GitHub. Although it had previously been misclassified as a cryptocurrency miner, StripedFly has capabilities that resemble those of an advanced persistent threat and of ransomware; its true purpose remains unclear, but it could serve either financial gain or espionage.
Key Points:
– A piece of malware known as StripedFly has been active for five years, infecting over one million devices.
– StripedFly contains code sequences previously seen in malware used by the Equation Group, which is linked to the US National Security Agency.
– The malware is designed to target both Windows and Linux systems and utilizes a built-in Tor network tunnel for communication with a command-and-control server.
– It has update and delivery mechanisms that rely on trusted services like Bitbucket, GitLab, and GitHub.
– StripedFly was initially misclassified as a cryptocurrency miner, but it has sophisticated capabilities, including the ability to spread quietly and persist on infected systems.
– The malware’s modules provide various functionalities, including configuration storage, screenshot-taking, credential and file harvesting, and mining for Monero.
– Kaspersky found similarities between StripedFly and both the ThunderCrypt ransomware and the Equation malware, but no direct evidence that they are related.
– The purpose of StripedFly remains unclear, but it possesses the capabilities of both an advanced persistent threat and ransomware, so it could serve either financial gain or espionage.