Kaspersky researchers have discovered the sophisticated StripedFly malware, initially posing as a cryptocurrency miner but revealed as a multifaceted global threat impacting over a million victims since 2017. StripedFly’s operator can engage in data theft, espionage, and evasive activities, and Kaspersky recommends regular system updates and heightened cybersecurity measures to protect against this evolving threat.
1 November 2023 – In a startling revelation, Kaspersky experts have unveiled the presence of a highly sophisticated malware, StripedFly, which has operated under the radar since at least 2017. Initially masquerading as a cryptocurrency miner, it has now been revealed as a complex, multi-faceted, and wormable malware framework, impacting over a million victims worldwide.
In 2022, Kaspersky’s Global Research and Analysis Team stumbled upon unexpected detections linked to the WININIT.EXE process, reminiscent of the Equation malware. This marked the beginning of the discovery of StripedFly’s true identity, which had effectively evaded previous scrutiny by posing as a cryptocurrency miner. Upon closer examination, it was unveiled as a malicious framework with diverse modules, enabling it to function as an Advanced Persistent Threat (APT), crypto miner, and even a ransomware group. Notably, the cryptocurrency module mined Monero, whose value peaked at $542.33 in 2018, underlining the malware’s prolonged evasion capabilities.
StripedFly’s operator possesses extensive espionage capabilities, surreptitiously gathering sensitive data, including site and Wi-Fi login credentials, as well as personal information such as names, addresses, phone numbers, and job titles. The malware can also capture screen images and record microphone input without detection.
The initial infection vector remained undisclosed until Kaspersky’s investigation revealed the use of a custom-made EternalBlue ‘SMBv1’ exploit to infiltrate systems. Despite the EternalBlue vulnerability being publicly disclosed in 2017 and Microsoft’s release of a patch (MS17-010), many users’ failure to update their systems has kept this threat relevant.
During technical analysis, Kaspersky experts identified parallels with the Equation malware, such as technical signatures and coding styles reminiscent of the StraitBizzare (SBZ) malware. StripedFly has victimized over a million targets globally, a testament to the effort the attacker invested in crafting this intricate malware.
Sergey Lozhkin, Principal Security Researcher at Kaspersky’s Global Research and Analysis Team (GReAT), emphasized the importance of continuously unveiling and addressing evolving cyberthreats.
Kaspersky researchers recommend measures to protect against such attacks, including regular system and software updates, vigilance in sharing sensitive information, access to threat intelligence, cybersecurity training, and the implementation of endpoint detection and response (EDR) solutions.