PC Magazine reports:
A powerful piece of malware has been disguising itself as a trivial cryptocurrency miner to help it evade detection for more than five years, according to antivirus provider Kaspersky. This so-called “StripedFly” malware has infected over 1 million Windows and Linux computers around the globe since 2016, Kaspersky says in a report released Thursday…
StripedFly incorporated a version of EternalBlue, the notorious NSA-developed exploit that was later leaked and used in the WannaCry ransomware attack to infect hundreds of thousands of Windows machines back in 2017. According to Kaspersky, StripedFly uses its own custom EternalBlue attack to infiltrate unpatched Windows systems and quietly spread across a victim’s network, including to Linux machines. The malware can then harvest sensitive data from infected computers, such as login credentials and personal data. “Furthermore, the malware can capture screenshots on the victim’s device without detection, gain significant control over the machine, and even record microphone input,” the company’s security researchers added.
To evade detection, the creators behind StripedFly settled on a novel method by adding a cryptocurrency mining module to prevent antivirus systems from discovering the malware’s full capabilities.
