In a stunning revelation, cybersecurity researchers at Kaspersky have uncovered a highly sophisticated malware threat that has been hiding in plain sight for five years. Named StripedFly, this malware initially appeared in 2017 as a cryptocurrency miner but was dismissed as insignificant. However, further investigation has revealed that StripedFly is far more dangerous than initially thought.
According to Kaspersky, StripedFly has the capability to execute commands remotely, capture screenshots, steal passwords and sensitive data, record audio using the device’s microphone, move to other devices using stolen credentials, exploit the EternalBlue vulnerability, and mine Monero. The malware’s ability to mine Monero is seen as a diversionary tactic aimed at distracting researchers from analyzing its code.
This tactic appears to have been successful, as an estimated one million devices have allegedly been compromised by StripedFly. However, it’s important to note that this number remains unverified. Kaspersky’s researchers have only obtained data from a Bitbucket repository, which showed 220,000 Windows infections since February 2022. Given that the repository was created in 2018, earlier data is unavailable. Even so, Kaspersky believes that the number of infections is likely much higher, especially considering that StripedFly targets both Windows and Linux endpoints.
The identity of the perpetrator behind this massive malware campaign is still unknown. While Kaspersky does not explicitly state whether the attacker is state-sponsored, the researchers suggest that this is likely the work of an Advanced Persistent Threat (APT), a category of actor typically associated with state-sponsored activity.
Kaspersky’s report highlights the diverse nature of the malware’s payload, enabling it to function as an APT tool, as a crypto miner, and even as ransomware. Monero, the cryptocurrency mined by StripedFly’s module, reached its peak value of $542.33 on January 9, 2018, significantly higher than its value of $10 in 2017. Currently, Monero maintains a value of around $150.
Experts at Kaspersky emphasize that the mining module is the key factor allowing StripedFly to evade detection for such an extended period.
As the investigation into StripedFly continues, cybersecurity professionals and organizations must remain vigilant to protect against this evolving and highly sophisticated malware threat.