StripedFly: how the malware deceived information security specialists and affected millions of victims

Carding 4 Carders

A multipurpose program disguised as a cryptominer that can be used to carry out cyberattacks of any type.

Kaspersky Lab specialists have identified a complex, previously unknown and highly convoluted malware campaign called StripedFly. Since 2017, the operation has affected more than one million users worldwide. Although its activity is fading, the campaign is still ongoing and remains a serious threat.

For a long time, StripedFly was believed to be a simple cryptominer, but deeper analysis showed that it is a far more complex program built on a multifunctional framework. The malware is capable of performing various types of attacks and has many modules, which makes it a multi-faceted tool for attackers.

In 2022, experts from Kaspersky Lab's Global Research and Analysis Team (GReAT) identified two new StripedFly-related incidents. Both cases involved the wininit.exe system process in the Windows operating system. The traces led to the discovery of a code sequence previously associated with the well-known Equation malware. As a result, it turned out that StripedFly is only part of a more complex structure with many plugins, which gives cybercriminals a wide range of capabilities.

The malicious module has many options that allow it to be used as part of APT attacks, for mining cryptocurrency, or even for extortion. This means that the attackers may have different motives, ranging from financial gain to espionage. Notably, the Monero cryptocurrency mining module implemented in StripedFly managed to remain unnoticed for a long time because of its efficiency.

In addition, StripedFly provides attackers with a wide range of opportunities for covert espionage. The malware collects various credentials, including usernames and passwords, as well as users' personal data. It can also take screenshots and even record audio from the microphone.

The researchers also disclosed that StripedFly spreads using the EternalBlue exploit for a vulnerability in the Microsoft Server Message Block (SMB) protocol that was discovered in 2017. Microsoft released a patch for this vulnerability, but not all users have updated their systems, so the threat remains relevant.

The similarity to Equation is revealed through various indicators, including signatures, programming style, and attack methods. According to Kaspersky Lab, StripedFly has targeted more than a million users worldwide.

Kaspersky Lab noted that the amount of effort put into creating the framework is truly impressive. The main difficulty for information security specialists is that the attackers constantly adapt to changing conditions. It is therefore important for researchers to join forces in identifying complex cyber threats, and users should not neglect comprehensive protection against cyberattacks.