Cybersecurity researchers at Kaspersky have made a groundbreaking discovery: a sophisticated malware threat called StripedFly that has been operating undetected for over five years. Initially dismissed as a simple cryptocurrency miner, further investigation revealed that StripedFly is capable of far more nefarious activities. It can remotely execute commands, capture screenshots, steal sensitive data including passwords, record audio using the device’s microphone, move to other endpoints using stolen credentials, exploit vulnerabilities to infiltrate additional systems, and, of course, mine the cryptocurrency Monero.
Interestingly, the Monero mining function serves as a diversion tactic to mislead researchers and hinder code analysis. This strategy has proven successful, with an estimated one million devices allegedly compromised. However, it should be noted that Kaspersky cannot confirm this number definitively. The researchers were only able to obtain data from a Bitbucket repository, which showed 220,000 Windows infections since February 2022. Unfortunately, earlier data is unavailable due to the repository’s creation in 2018. Nonetheless, Kaspersky estimates that the actual number of infections is likely over a million, as StripedFly targets both Windows and Linux endpoints.
The identity of the individuals or group behind StripedFly remains unknown. While Kaspersky does not explicitly state whether the malware is state-sponsored, it believes the attack bears the hallmarks of an Advanced Persistent Threat (APT), which are typically associated with state-sponsored actors.
According to Kaspersky’s report, the malware payload includes multiple modules that enable it to function as an APT, crypto miner, and even a ransomware group. The Monero cryptocurrency mined by StripedFly reached its peak value at $542.33 on January 9, 2018, compared to its value of approximately $10 in 2017. As of 2023, it has maintained a value of around $150.
The experts at Kaspersky highlight that the mining module is primarily responsible for the malware’s ability to evade detection for an extended period.
This discovery by Kaspersky underscores the ongoing challenges faced by cybersecurity professionals in combating increasingly sophisticated threats. It serves as a reminder of the constant need for robust security measures, timely updates, and proactive defense against evolving cyber threats.
For more articles on cybersecurity and technology, visit TechRadar Pro.
I have over 10 years of experience in the cryptocurrency industry and I have been on the list of the top authors on LinkedIn for the past 5 years.